Malware and Cleaning Programs won't run



#1
dlwtechquest


I'm working on my father's pc.

Windows 10 home 64-bit

Gateway dx4860

8 g RAM

Intel Core i5-2300 2.8gHz

 

CCleaner link on the Desktop has been disabled, or delinked. It does not open CCleaner and is a generic link rather than the CCleaner icon. This happened again, about a day after I reinstalled it.

 

PcMatic is not opening. It is giving me a "Cannot reach this page" error, saying to make sure this website is correct. http://utilities.pcpitstop.com

 

Wifi has been disabled, this was a few days ago, and I have been using a wired connection since then.

 

Hijackthis has been removed.

 

I did, however, run Malwarebytes and esi emergency scanner, but Malwarebytes found nothing, and esi emergency scanner found something rather benign. I removed what it found to no benefit. I also ran COMODO CCE; it found nothing.

 

I was able to download FRST64, but I haven't run it yet. I have never used it before, but I saw it as probably necessary.




#2
RKinner


  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


 



#3
dlwtechquest


frst text

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by sadd (administrator) on JOJO (03-07-2018 18:50:57)
Running from C:\Users\sadd\Desktop
Loaded Profiles: sadd & PCPitstopSVC (Available Profiles: sadd & jojo & NeroMediaHomeUser.4 & PCPitstopSVC)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cheetah Mobile,Inc.) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(PC Pitstop ) C:\ProgramData\PCPitstopDat\Installs\pcmaticrt-setup_3.0.5.0.exe
() C:\Windows\Temp\is-UCDN6.tmp\pcmaticrt-setup_3.0.5.0.tmp
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE
(Cisco) C:\Users\sadd\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.10228.20096.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-03-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [CCE] => C:\Program Files (x86)\Comodo\cce_2.5.242177.201_x64\cce_x64\CCE.exe [8689344 2018-06-27] (COMODO)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-11-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-11-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296008 2014-02-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PC Matic] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2116864 2018-06-28] (PC Pitstop)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 2018\AudialsNotifier.exe [4293528 2017-11-06] ()
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [5404872 2018-06-24] (Link64 GmbH)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16309736 2017-09-25] (Plex, Inc.)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [VideoGuardMonitor] => C:\Users\sadd\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2017-06-20] (Cisco)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1861271705-2052905311-3892416565-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [309680 2018-05-04] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [262576 2018-05-04] (Jaksta Technologies Pty Ltd)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1861271705-2052905311-3892416565-1000] => http=127.0.0.1:8082;https=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3c35cc45-0d3d-4ac6-b96c-9bbcb28eb686}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9c928f7e-d776-42ff-b617-3a3e9bacd6b8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9c928f7e-d776-42ff-b617-3a3e9bacd6b8}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1861271705-2052905311-3892416565-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5DDF&PC=SL5D&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1861271705-2052905311-3892416565-1000 -> {B512F36A-2014-4B64-992F-0B8F8D849F98} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-11] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-11] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-11] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-11] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\.DEFAULT -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1861271705-2052905311-3892416565-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1861271705-2052905311-3892416565-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File

Edge:
======
Edge Extension: (Evernote Web Clipper) -> 9nblggh4x0qw_EvernoteEvernoteWebClipper_q4d96b2w5wcc2 => C:\Program Files\WindowsApps\Evernote.EvernoteWebClipper_6.13.2.0_neutral__q4d96b2w5wcc2 [2018-03-27]
Edge Extension: (No Name) -> EdgeExtension_texthelpcomReadWriteforMicrosoftEdge_68je7kza8j96w => C:\Program Files\WindowsApps\texthelp.com.ReadWriteforMicrosoftEdge_1.2.13.0_neutral__68je7kza8j96w [2018-06-18]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.47.0_neutral__8wekyb3d8bbwe [2018-06-06]

FireFox:
========
FF DefaultProfile: f29tllzm.default
FF ProfilePath: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default [2017-06-20]
FF Extension: (7digital Music Store) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2012-12-29] [Legacy] [not signed]
FF Extension: (Amazon Music Store) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Last.fm) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (CD Rip Support) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Concerts) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2012-12-29] [Legacy] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Grooveshark Search) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2017-12-31] [Legacy] [not signed]
FF Extension: (mashTape) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (MSC Device Support) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (MTP Device Support) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (QuickTime Playback) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Rubberducky Dependencies) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2012-08-19] [Legacy] [not signed]
FF Extension: (Media Sharing) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (SHOUTcast Radio) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Songbird.me) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (Windows Media Playback) - C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\Extensions\[email protected] [2013-06-12] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\[email protected] [not found]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\08a274d8-cfae-4947-9afc-4fbf62049161.xml [2012-05-23]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\1306b267-e28f-4a4b-a4e3-1fbe5ba214a1.xml [2012-06-05]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\15607231-3900-4530-8980-e078bbeba148.xml [2012-05-21]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\1b19fbd9-57e1-4599-a5b6-f0aa313c1287.xml [2012-06-23]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\25916eff-9468-48f2-a528-b269747e19cf.xml [2012-05-23]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Songbird2\Profiles\wf8896v6.default\searchplugins\7digital.xml [2012-04-29]
FF ProfilePath: C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default [2018-07-03]
FF user.js: detected! => C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\user.js [2017-02-04]
FF Homepage: Mozilla\Firefox\Profiles\wiou2cmm.default -> hxxps://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\wiou2cmm.default -> type", 0
FF Extension: (DownThemAll! AntiContainer) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\[email protected] [2016-04-22] [Legacy]
FF Extension: (Embedded Objects) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\[email protected] [2013-02-20] [Legacy] [not signed]
FF Extension: (Groove Shredder) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\[email protected] [2016-05-07] [Legacy]
FF Extension: (Google Translator for Firefox) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\[email protected] [2018-02-18]
FF Extension: (FlashGot) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-11] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-06-28]
FF Extension: (DownThemAll!) - C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-06] [Legacy]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\searchplugins\bing-.xml [2016-01-15]
FF SearchPlugin: C:\Users\sadd\AppData\Roaming\Mozilla\Firefox\Profiles\wiou2cmm.default\searchplugins\safeguard-secure-search.xml [2013-11-22]
FF ProfilePath: C:\Users\sadd\AppData\Roaming\Comodo\IceDragon\Profiles\f29tllzm.default [2018-07-03]
FF Homepage: Comodo\IceDragon\Profiles\f29tllzm.default -> hxxps://www.yahoo.com?fr=fp-comodo&type=id_hp
FF ProfilePath: C:\Users\sadd\AppData\Roaming\Avant Profiles\.default\gecko\Profiles\sr4zs3no.default [2012-06-11]
FF NetworkProxy: Avant Profiles\.default\gecko\Profiles\sr4zs3no.default -> type", 0
FF ProfilePath: C:\Users\sadd\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\k0kpkt1r.default [2017-03-25]
FF NetworkProxy: Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\k0kpkt1r.default -> type", 0
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2018-07-02] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{10E4285F-D79B-4147-9447-81DFF109A394}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-11-15] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\AllMyTube\[email protected]_xpi
FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\[email protected]_xpi [2016-03-28] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-02-09] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2018-05-14] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2016-02-29] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=17.0.4.61 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.4.61 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-08] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-12-14] (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\nppl3260.dll [2014-02-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin.dll [2014-03-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin2.dll [2014-03-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin3.dll [2014-03-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin4.dll [2014-03-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin5.dll [2014-03-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin6.dll [2012-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\npqtplugin7.dll [2012-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadd\AppData\Roaming\mozilla\plugins\nprpplugin.dll [2014-02-08] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Profile 3
CHR NewTab: Profile 3 -> "active": false,
            "entry": "chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html"
          
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default [2018-07-03]
CHR Extension: (Google Translate) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-05-11]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-08-27]
CHR Extension: (YouTube) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-11-03]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-11]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-11-22]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-08]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2014-11-11]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlelfeaeehmpkbcfjmjcbilahepgcjgk [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]
CHR Extension: (Trend Micro Toolbar) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-05-19]
CHR Extension: (Gmail) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (No Name) - C:\Users\sadd\Documents\GroovesharkDownloader [2015-02-12] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-03]
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-03]
CHR Extension: (RealPlayer Downloader) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-02]
CHR Extension: (Trend Micro Toolbar) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-02]
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-07-03]
CHR Extension: (Google Slides) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-17]
CHR Extension: (YouTube) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-17]
CHR Extension: (Google Search) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
CHR Extension: (Google Sheets) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-17]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17]
CHR Extension: (Gmail) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-17]
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-07-03]
CHR Extension: (Google Drive) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Google Search) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-02]
CHR Extension: (No Name) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-25]
CHR Profile: C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-03]
CHR Extension: (Songbird Toolbar) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aaaanekkkbebcnpimficmalklgjoahpn [2015-05-23] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-23]
CHR Extension: (Google Docs) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-23]
CHR Extension: (YouTube) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-23]
CHR Extension: (Google Search) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-23]
CHR Extension: (Google Sheets) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
CHR Extension: (RealPlayer Downloader) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]
CHR Extension: (Trend Micro Toolbar) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-05-23]
CHR Extension: (Gmail) - C:\Users\sadd\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [397936 2017-12-28] (Cheetah Mobile,Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [444640 2014-07-28] ()
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [143648 2018-01-08] (Maxthon International ltd.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [852736 2018-06-28] (PC Pitstop)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198456 2018-01-28] (PC Pitstop LLC)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2092008 2017-09-25] (Plex, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-02-08] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] () [File not signed]
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
S3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [19584 2006-09-03] (Brother Industries Ltd.) [File not signed]
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-07-11] (Cypress Semiconductor, Inc.) [File not signed]
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-06-29] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-06-08] (Malwarebytes)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-14] (REALiX™)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
R3 jakstaVA; C:\WINDOWS\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [89776 2017-12-28] (Kingsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-28] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-07-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-03] (Malwarebytes)
S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [25256 2015-07-09] (Audials AG)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-05-19] (Realtek )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [34528 2013-03-28] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-02] (Wondershare)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 18:50 - 2018-07-03 18:52 - 000045165 _____ C:\Users\sadd\Desktop\FRST.txt
2018-07-03 18:50 - 2018-07-03 18:50 - 000000000 ____D C:\FRST
2018-07-03 17:24 - 2018-07-03 17:24 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-02 18:08 - 2018-07-02 18:08 - 000092014 _____ C:\Users\sadd\Documents\cc_20180702_180831.reg
2018-07-02 17:55 - 2018-07-02 17:55 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-02 17:55 - 2018-07-02 17:55 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-02 17:55 - 2018-07-02 17:55 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-30 00:48 - 2018-06-30 00:48 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-28 22:09 - 2018-06-28 22:09 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-28 22:04 - 2018-06-28 22:04 - 002412544 _____ (Farbar) C:\Users\sadd\Desktop\FRST64.exe
2018-06-28 21:11 - 2018-06-28 21:11 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-28 21:11 - 2018-06-28 21:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-28 20:47 - 2018-06-28 20:48 - 005660124 _____ (Swearware) C:\Users\sadd\Downloads\ComboFix.exe
2018-06-28 20:32 - 2018-06-30 00:51 - 000000000 ____D C:\Program Files\CCleaner
2018-06-28 20:32 - 2018-06-29 12:20 - 000000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-28 20:32 - 2018-06-28 20:32 - 000002846 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-06-28 20:32 - 2018-06-28 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-28 20:30 - 2018-06-28 20:37 - 340451880 _____ C:\Users\sadd\Downloads\EmsisoftEmergencyKit.exe
2018-06-27 22:00 - 2018-06-27 22:01 - 034688252 _____ C:\Users\sadd\Downloads\cce_public_x64 (3).zip
2018-06-27 19:22 - 2018-06-27 19:22 - 000002406 _____ C:\Users\sadd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-26 21:07 - 2018-06-26 21:07 - 000002523 _____ C:\Users\Public\Desktop\Smart View.lnk
2018-06-25 23:48 - 2018-06-25 23:48 - 000000000 ____D C:\Users\sadd\AppData\Roaming\OneLoupe
2018-06-25 23:47 - 2018-06-25 23:47 - 000105442 _____ C:\Users\sadd\Documents\OneLoupe_x64(1).zip
2018-06-25 23:46 - 2018-06-25 23:46 - 000105442 _____ C:\Users\sadd\Documents\OneLoupe_x64.zip
2018-06-25 23:33 - 2018-06-25 23:40 - 000001325 _____ C:\Users\sadd\Desktop\Magnify - Shortcut.lnk
2018-06-25 22:45 - 2018-06-25 22:45 - 000000000 ____D C:\Users\sadd\AppData\LocalLow\Cisco
2018-06-25 22:45 - 2018-06-25 22:45 - 000000000 ____D C:\Users\sadd\AppData\Local\Cisco
2018-06-24 22:48 - 2018-06-24 22:48 - 000000860 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2018-06-24 22:48 - 2018-06-24 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2018-06-24 22:45 - 2018-06-24 22:46 - 043210016 _____ C:\Users\sadd\Downloads\smplayer-18.6.0-x64.exe
2018-06-21 00:53 - 2018-06-21 00:53 - 000000124 _____ C:\Users\sadd\Documents\Two Hands.txt
2018-06-15 09:57 - 2018-06-15 09:57 - 000002269 _____ C:\Users\sadd\Desktop\Free Online Alien Hunter Games - Play Alien Hunter Games.lnk
2018-06-14 09:58 - 2018-06-14 09:58 - 000000000 ____D C:\ProgramData\Packages
2018-06-13 08:17 - 2018-06-08 14:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-13 08:17 - 2018-06-08 04:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-13 08:17 - 2018-06-08 04:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-13 08:17 - 2018-06-08 04:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-13 08:17 - 2018-06-08 04:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 08:17 - 2018-05-20 14:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-13 08:17 - 2018-05-20 11:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-13 08:17 - 2018-05-20 06:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-13 08:17 - 2018-05-20 06:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-13 08:17 - 2018-05-20 06:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-13 08:16 - 2018-06-08 14:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-13 08:16 - 2018-06-08 14:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-13 08:16 - 2018-06-08 13:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 08:16 - 2018-06-08 13:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-13 08:16 - 2018-06-08 13:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-13 08:16 - 2018-06-08 13:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-13 08:16 - 2018-06-08 13:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-13 08:16 - 2018-06-08 13:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-13 08:16 - 2018-06-08 13:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-13 08:16 - 2018-06-08 13:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-13 08:16 - 2018-06-08 11:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-13 08:16 - 2018-06-08 11:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-13 08:16 - 2018-06-08 11:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-13 08:16 - 2018-06-08 11:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-13 08:16 - 2018-06-08 11:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-13 08:16 - 2018-06-08 11:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-13 08:16 - 2018-06-08 11:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-13 08:16 - 2018-06-08 05:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-13 08:16 - 2018-06-08 05:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-13 08:16 - 2018-06-08 05:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-13 08:16 - 2018-06-08 05:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-13 08:16 - 2018-06-08 05:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-13 08:16 - 2018-06-08 05:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-13 08:16 - 2018-06-08 05:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-13 08:16 - 2018-06-08 04:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-13 08:16 - 2018-06-08 04:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 08:16 - 2018-06-08 04:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-13 08:16 - 2018-06-08 04:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-13 08:16 - 2018-06-08 04:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-13 08:16 - 2018-06-08 04:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-13 08:16 - 2018-06-08 04:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 08:16 - 2018-06-08 04:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-13 08:16 - 2018-06-08 04:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-13 08:16 - 2018-06-08 04:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-13 08:16 - 2018-06-08 04:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-13 08:16 - 2018-06-08 04:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-13 08:16 - 2018-06-08 04:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-13 08:16 - 2018-06-08 04:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-13 08:16 - 2018-06-08 04:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-13 08:16 - 2018-06-08 04:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-13 08:16 - 2018-06-08 04:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-13 08:16 - 2018-06-08 04:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-13 08:16 - 2018-06-08 04:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-13 08:16 - 2018-06-08 04:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-13 08:16 - 2018-06-08 04:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-13 08:16 - 2018-06-08 04:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-13 08:16 - 2018-06-08 04:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-13 08:16 - 2018-06-08 04:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 08:16 - 2018-06-08 04:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-13 08:16 - 2018-06-08 04:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-13 08:16 - 2018-06-08 04:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-13 08:16 - 2018-06-08 03:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-13 08:16 - 2018-06-08 03:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-13 08:16 - 2018-06-08 03:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-13 08:16 - 2018-06-08 03:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-13 08:16 - 2018-06-08 03:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-13 08:16 - 2018-06-08 03:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-13 08:16 - 2018-06-08 03:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-13 08:16 - 2018-06-08 03:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-13 08:16 - 2018-06-08 03:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-13 08:16 - 2018-06-08 03:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-13 08:16 - 2018-06-08 03:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-13 08:16 - 2018-06-08 03:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-13 08:16 - 2018-06-08 03:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-13 08:16 - 2018-06-06 13:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-13 08:16 - 2018-06-05 23:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-13 08:16 - 2018-05-20 14:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-13 08:16 - 2018-05-20 14:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-13 08:16 - 2018-05-20 14:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-13 08:16 - 2018-05-20 14:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-13 08:16 - 2018-05-20 14:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-13 08:16 - 2018-05-20 13:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-13 08:16 - 2018-05-20 13:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-13 08:16 - 2018-05-20 13:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-13 08:16 - 2018-05-20 12:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-13 08:16 - 2018-05-20 11:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-13 08:16 - 2018-05-20 06:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-13 08:16 - 2018-05-20 06:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-13 08:16 - 2018-05-20 06:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-13 08:16 - 2018-05-20 06:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-13 08:16 - 2018-05-20 06:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-13 08:16 - 2018-05-20 06:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-13 08:16 - 2018-05-20 06:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-13 08:16 - 2018-05-20 06:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-13 08:16 - 2018-05-20 06:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-13 08:16 - 2018-05-20 06:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-13 08:16 - 2018-05-20 06:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-13 08:16 - 2018-05-20 06:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-13 08:16 - 2018-05-20 06:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-13 08:16 - 2018-05-20 06:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-13 08:16 - 2018-05-20 06:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-13 08:16 - 2018-05-20 06:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-13 08:16 - 2018-05-20 06:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-13 08:16 - 2018-05-20 06:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-13 08:16 - 2018-05-20 06:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-13 08:16 - 2018-05-20 06:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-13 08:16 - 2018-05-20 06:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-13 08:16 - 2018-05-20 06:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-13 08:16 - 2018-05-20 06:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-13 08:16 - 2018-05-20 06:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-13 08:16 - 2018-05-20 06:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-13 08:15 - 2018-06-08 14:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-13 08:15 - 2018-06-08 14:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-13 08:15 - 2018-06-08 14:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-13 08:15 - 2018-06-08 14:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-13 08:15 - 2018-06-08 13:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-13 08:15 - 2018-06-08 13:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-13 08:15 - 2018-06-08 13:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-13 08:15 - 2018-06-08 13:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-13 08:15 - 2018-06-08 13:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-13 08:15 - 2018-06-08 13:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-13 08:15 - 2018-06-08 13:44 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2018-06-13 08:15 - 2018-06-08 13:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-13 08:15 - 2018-06-08 13:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-13 08:15 - 2018-06-08 13:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-13 08:15 - 2018-06-08 13:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-13 08:15 - 2018-06-08 13:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-13 08:15 - 2018-06-08 13:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 08:15 - 2018-06-08 13:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 08:15 - 2018-06-08 13:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-13 08:15 - 2018-06-08 13:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-13 08:15 - 2018-06-08 13:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-13 08:15 - 2018-06-08 13:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-13 08:15 - 2018-06-08 13:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-13 08:15 - 2018-06-08 13:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 08:15 - 2018-06-08 13:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-13 08:15 - 2018-06-08 13:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-13 08:15 - 2018-06-08 13:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-13 08:15 - 2018-06-08 12:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-13 08:15 - 2018-06-08 11:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-13 08:15 - 2018-06-08 11:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-13 08:15 - 2018-06-08 11:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-13 08:15 - 2018-06-08 11:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-13 08:15 - 2018-06-08 11:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-13 08:15 - 2018-06-08 11:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-13 08:15 - 2018-06-08 11:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-13 08:15 - 2018-06-08 11:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-13 08:15 - 2018-06-08 11:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-13 08:15 - 2018-06-08 11:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-13 08:15 - 2018-06-08 11:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-13 08:15 - 2018-06-08 11:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-13 08:15 - 2018-06-08 09:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-13 08:15 - 2018-06-08 09:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-13 08:15 - 2018-06-08 05:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-13 08:15 - 2018-06-08 05:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 08:15 - 2018-06-08 05:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-13 08:15 - 2018-06-08 04:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-13 08:15 - 2018-06-08 04:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-13 08:15 - 2018-06-08 04:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-13 08:15 - 2018-06-08 04:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-13 08:15 - 2018-06-08 04:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-13 08:15 - 2018-06-08 04:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-13 08:15 - 2018-06-08 04:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-13 08:15 - 2018-06-08 04:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-13 08:15 - 2018-06-08 04:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-13 08:15 - 2018-06-08 04:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-13 08:15 - 2018-06-08 04:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 08:15 - 2018-06-08 04:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 08:15 - 2018-06-08 04:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 08:15 - 2018-06-08 04:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-13 08:15 - 2018-06-08 04:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-13 08:15 - 2018-06-08 04:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 08:15 - 2018-06-08 04:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-13 08:15 - 2018-06-08 04:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-13 08:15 - 2018-06-08 04:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-13 08:15 - 2018-06-08 04:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-13 08:15 - 2018-06-08 04:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-13 08:15 - 2018-06-08 04:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-13 08:15 - 2018-06-08 04:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-13 08:15 - 2018-06-08 04:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-13 08:15 - 2018-06-08 04:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-13 08:15 - 2018-06-08 04:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-13 08:15 - 2018-06-08 04:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-13 08:15 - 2018-06-08 04:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-13 08:15 - 2018-06-08 04:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-13 08:15 - 2018-06-08 04:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-13 08:15 - 2018-06-08 04:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-13 08:15 - 2018-06-08 04:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-13 08:15 - 2018-06-08 04:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-13 08:15 - 2018-06-08 04:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-13 08:15 - 2018-06-08 04:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-13 08:15 - 2018-06-08 04:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-13 08:15 - 2018-06-08 04:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-13 08:15 - 2018-06-08 04:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-13 08:15 - 2018-06-08 04:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-13 08:15 - 2018-06-08 04:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-13 08:15 - 2018-06-08 04:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-13 08:15 - 2018-06-08 04:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-13 08:15 - 2018-06-08 04:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-13 08:15 - 2018-06-08 04:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 08:15 - 2018-06-08 04:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-13 08:15 - 2018-06-08 04:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-13 08:15 - 2018-06-08 04:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-13 08:15 - 2018-06-08 04:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-13 08:15 - 2018-06-08 04:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-13 08:15 - 2018-06-08 03:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-13 08:15 - 2018-06-08 03:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-13 08:15 - 2018-06-08 03:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-13 08:15 - 2018-06-08 03:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-13 08:15 - 2018-06-08 03:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-13 08:15 - 2018-06-08 03:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-13 08:15 - 2018-06-08 03:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-13 08:15 - 2018-06-08 03:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-13 08:15 - 2018-06-08 03:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-13 08:15 - 2018-06-08 03:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-13 08:15 - 2018-06-08 03:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-13 08:15 - 2018-06-08 03:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-13 08:15 - 2018-06-08 03:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-13 08:15 - 2018-06-08 03:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-13 08:15 - 2018-06-08 03:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-13 08:15 - 2018-06-08 03:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-13 08:15 - 2018-06-08 03:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-13 08:15 - 2018-06-08 03:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-13 08:15 - 2018-06-08 03:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-13 08:15 - 2018-06-08 03:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-13 08:15 - 2018-06-08 03:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-13 08:15 - 2018-06-08 03:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-13 08:15 - 2018-06-08 03:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 08:15 - 2018-06-08 03:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-13 08:15 - 2018-06-08 02:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-13 08:15 - 2018-06-01 18:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-13 08:15 - 2018-06-01 17:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-13 08:15 - 2018-05-24 22:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-13 08:15 - 2018-05-20 14:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-13 08:15 - 2018-05-20 14:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-13 08:15 - 2018-05-20 14:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-13 08:15 - 2018-05-20 14:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-13 08:15 - 2018-05-20 14:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-13 08:15 - 2018-05-20 14:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-13 08:15 - 2018-05-20 13:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-13 08:15 - 2018-05-20 13:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-13 08:15 - 2018-05-20 12:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-13 08:15 - 2018-05-20 11:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-13 08:15 - 2018-05-20 11:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-13 08:15 - 2018-05-20 11:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-13 08:15 - 2018-05-20 09:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-13 08:15 - 2018-05-20 07:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-13 08:15 - 2018-05-20 06:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-13 08:15 - 2018-05-20 06:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-13 08:15 - 2018-05-20 06:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-13 08:15 - 2018-05-20 06:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-13 08:15 - 2018-05-20 06:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-13 08:15 - 2018-05-20 06:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-13 08:15 - 2018-05-20 06:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-13 08:15 - 2018-05-20 06:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-13 08:15 - 2018-05-20 06:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-13 08:15 - 2018-05-20 06:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-13 08:15 - 2018-05-20 06:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-13 08:15 - 2018-05-20 06:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-13 08:15 - 2018-05-20 06:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-13 08:15 - 2018-05-20 06:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-13 08:15 - 2018-05-20 06:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-13 08:15 - 2018-05-20 06:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-13 08:15 - 2018-05-20 06:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-13 08:15 - 2018-05-20 06:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-13 08:15 - 2018-05-20 06:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-13 08:15 - 2018-05-20 06:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-13 08:15 - 2018-05-20 06:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-13 08:15 - 2018-05-20 06:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-13 08:15 - 2018-05-20 06:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-13 08:15 - 2018-05-20 06:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-13 08:15 - 2018-05-20 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-13 08:15 - 2018-05-20 06:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-13 08:15 - 2018-05-20 06:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-13 08:15 - 2018-05-20 06:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-13 08:15 - 2018-05-20 06:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-13 08:15 - 2018-05-20 06:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-13 08:15 - 2018-05-20 06:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-13 08:15 - 2018-05-20 06:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-13 08:15 - 2018-05-20 06:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-13 08:15 - 2018-05-20 06:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-13 08:15 - 2018-05-20 06:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-13 08:15 - 2018-05-20 06:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-13 08:15 - 2018-05-20 06:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-13 08:15 - 2018-05-20 06:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-13 08:15 - 2018-05-20 03:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-13 08:15 - 2018-05-18 12:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-07 22:15 - 2018-06-08 11:13 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-07 22:15 - 2018-06-07 22:15 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-07 22:15 - 2018-06-07 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-07 20:49 - 2018-06-05 18:29 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-07 20:49 - 2018-06-05 18:29 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-06 16:57 - 2018-06-06 16:57 - 042602256 _____ (Jaksta Technologies) C:\Users\sadd\Downloads\JMR7-7.0.1.13.exe
2018-06-06 16:37 - 2018-06-06 16:38 - 043075296 _____ C:\Users\sadd\Downloads\smplayer-18.5.0-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 18:49 - 2018-05-22 03:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-03 18:49 - 2018-01-28 23:29 - 000000000 ____D C:\ProgramData\PCPitstopDat
2018-07-03 18:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-07-03 16:28 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-03 15:44 - 2018-05-22 21:59 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2018-07-03 14:02 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-03 14:02 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-03 09:22 - 2018-01-28 23:10 - 000000000 ____D C:\ProgramData\PCPitstop
2018-07-02 18:26 - 2017-03-18 10:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-02 18:26 - 2017-01-02 20:35 - 000000000 ____D C:\Users\sadd\AppData\LocalLow\Mozilla
2018-07-02 18:04 - 2012-05-07 09:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-02 18:04 - 2012-04-17 12:53 - 000001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 18:04 - 2012-04-17 12:27 - 000003213 _____ C:\WINDOWS\wininit.ini
2018-07-02 17:54 - 2018-05-22 21:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-02 17:53 - 2018-04-11 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-07-02 00:28 - 2015-07-04 20:25 - 000000000 ____D C:\Users\sadd\.smplayer
2018-07-02 00:28 - 2012-04-26 00:23 - 000000000 ____D C:\Users\sadd\AppData\Roaming\vlc
2018-07-02 00:18 - 2013-04-29 00:05 - 000000000 ____D C:\Users\sadd\AppData\Roaming\Jaksta Media Player
2018-06-29 12:18 - 2017-07-30 20:55 - 000000000 ____D C:\Users\sadd\AppData\Roaming\Audio Recorder for Free New Version Available
2018-06-29 12:18 - 2016-02-23 21:38 - 000000000 ____D C:\EEK
2018-06-28 21:40 - 2017-11-01 20:14 - 000001456 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-06-28 02:00 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Downloaded Program Files
2018-06-28 02:00 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-27 22:04 - 2013-05-03 20:51 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-06-27 20:49 - 2018-01-28 23:10 - 000002034 _____ C:\Users\sadd\Desktop\PC Matic.lnk
2018-06-27 17:54 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-26 14:43 - 2012-04-18 00:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 14:43 - 2012-04-18 00:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 00:53 - 2012-04-19 00:08 - 000000000 ____D C:\Users\sadd\AppData\Local\CrashDumps
2018-06-25 22:19 - 2018-05-31 08:26 - 000000000 ____D C:\Users\sadd\AppData\Local\D3DSCache
2018-06-25 21:48 - 2018-05-22 03:16 - 000000000 ____D C:\Users\sadd\AppData\Local\Windows Live
2018-06-25 21:48 - 2018-05-16 09:16 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-25 21:48 - 2015-01-23 18:32 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-06-25 21:48 - 2012-04-18 00:18 - 000000000 ____D C:\Users\sadd\AppData\Roaming\MediaMonkey
2018-06-25 21:48 - 2011-03-29 02:45 - 000000000 ____D C:\Intel
2018-06-24 22:49 - 2017-06-08 22:52 - 000000000 ____D C:\Program Files\SMPlayer
2018-06-24 00:36 - 2013-02-20 11:05 - 000000000 ____D C:\Users\sadd\dwhelper
2018-06-24 00:24 - 2016-09-17 01:18 - 000000952 _____ C:\Users\sadd\Desktop\Video Downloader Ultimate.lnk
2018-06-24 00:23 - 2016-09-17 01:16 - 000000000 ____D C:\ProgramData\VideoDownloaderUltimateWinApp
2018-06-23 09:54 - 2018-05-22 03:11 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-22 01:09 - 2012-04-24 23:23 - 000000000 ____D C:\Users\sadd\AppData\Local\Nero
2018-06-19 18:26 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-18 00:24 - 2018-05-22 03:16 - 000000000 ____D C:\Users\sadd
2018-06-18 00:24 - 2018-05-22 03:16 - 000000000 ____D C:\Users\PCPitstopSVC
2018-06-14 09:57 - 2018-01-27 09:27 - 000000000 ___RD C:\Users\sadd\3D Objects
2018-06-14 09:57 - 2016-04-27 01:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-14 09:12 - 2018-05-25 08:31 - 000286128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-14 09:09 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-14 09:09 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-14 09:09 - 2018-04-11 16:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-13 08:45 - 2013-08-12 23:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-13 08:40 - 2012-04-26 21:21 - 000000083 _____ C:\WINDOWS\SysWOW64\gpupdate.bin
2018-06-13 08:37 - 2012-12-13 21:35 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-13 08:36 - 2017-10-11 22:00 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-13 08:36 - 2012-04-19 23:12 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-07 21:30 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 20:44 - 2018-05-22 21:59 - 000004638 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 20:44 - 2018-05-22 21:59 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-07 20:44 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-06 16:58 - 2017-11-02 22:30 - 000001394 _____ C:\Users\Public\Desktop\Jaksta Media Recorder 7.lnk

==================== Files in the root of some directories =======

2012-05-17 21:44 - 2012-05-17 04:55 - 024673592 _____ (Maxthon International ltd.) C:\Users\jojo\mx3.3.8.2000.exe
2017-08-18 22:38 - 2017-08-18 22:41 - 000000077 _____ () C:\Users\sadd\AppData\Roaming\Rim.Desktop.Exception.log
2017-08-18 22:29 - 2017-08-18 22:29 - 000001111 _____ () C:\Users\sadd\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-08-18 22:38 - 2017-08-18 22:38 - 000000000 _____ () C:\Users\sadd\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-19 11:27 - 2014-06-19 11:27 - 000000024 _____ () C:\Users\sadd\AppData\Roaming\temp.ini
2012-04-18 01:57 - 2018-02-05 21:58 - 000127488 _____ () C:\Users\sadd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-15 10:22 - 2017-04-10 23:42 - 000000036 _____ () C:\Users\sadd\AppData\Local\housecall.guid.cache
2012-07-05 00:43 - 2012-07-05 00:43 - 000000017 _____ () C:\Users\sadd\AppData\Local\resmon.resmoncfg
2015-05-19 01:51 - 2017-06-19 13:32 - 000000010 _____ () C:\Users\sadd\AppData\Local\sponge.last.runtime.cache

ZeroAccess:
C:\Windows\Installer\{ce776b1c-cb66-0fea-e32b-dbbc34bb51f8}

ZeroAccess:
C:\Users\sadd\AppData\Local\{ce776b1c-cb66-0fea-e32b-dbbc34bb51f8}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 03:04

==================== End of FRST.txt ============================



#4
dlwtechquest

    Member

  • Topic Starter
  • 21 posts

Addition text

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by sadd (03-07-2018 18:53:26)
Running from C:\Users\sadd\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-23 03:01:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1861271705-2052905311-3892416565-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1861271705-2052905311-3892416565-503 - Limited - Disabled)
Guest (S-1-5-21-1861271705-2052905311-3892416565-501 - Limited - Disabled)
jojo (S-1-5-21-1861271705-2052905311-3892416565-1003 - Limited - Enabled) => C:\Users\jojo
NeroMediaHomeUser.4 (S-1-5-21-1861271705-2052905311-3892416565-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
PCPitstopSVC (S-1-5-21-1861271705-2052905311-3892416565-1005 - Administrator - Enabled) => C:\Users\PCPitstopSVC
sadd (S-1-5-21-1861271705-2052905311-3892416565-1000 - Administrator - Enabled) => C:\Users\sadd
WDAGUtilityAccount (S-1-5-21-1861271705-2052905311-3892416565-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Disabled - Up to date) {4FA50ECA-6D1E-553A-06EB-C13191BCA12A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: PC Matic Super Shield (Disabled - Up to date) {F4C4EF2E-4B24-5AB4-3C5B-FA43EA3BEB97}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{80CA011C-2CED-4BF5-A02A-CA0DD09117EC}) (Version: 12.3.3.203 - Adobe Systems, Inc)
AnyMedia Player 4.5.4 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.4 - cyan soft ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audials (HKLM-x32\...\{A3D8060F-ACB0-4C73-B25B-72582A0B6402}) (Version: 17.1.86.8500 - Audials AG)
Audials (HKLM-x32\...\{E07879C5-600C-4CD5-B3EB-DDE7A35AA0F2}) (Version: 18.1.27400.0 - Audials AG)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AVG Zen (HKLM\...\{6DDF7DAF-58CC-44EC-B172-22CC5886E472}) (Version: 1.111.9 - AVG Technologies) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
Canon PowerShot SX500 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX500IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CheckerBoard 1.721 (HKLM-x32\...\CheckerBoard_is1) (Version:  - Martin Fierz)
Checkers-7 2.5 (HKLM-x32\...\Checkers - 7_is1) (Version:  - Style-7) <==== ATTENTION
Cisco VideoGuard Player (HKLM-x32\...\{eb841aaa-19f5-40db-93af-850cf64f61c3}) (Version: 6.8 - Cisco Systems, Inc)
Clean Master (HKLM-x32\...\cmpc) (Version: 6.0 - Cheetah Mobile)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.30.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{29F4F2C2-CB73-418D-BA99-7BB5ECD9F7BF}) (Version: 4.4.6 - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FMW 1 (HKLM\...\{1C3364DF-40B5-4DA4-9810-652A9A792FB1}) (Version: 1.132.1 - AVG Technologies) Hidden
Free Audio Recorder 6.6.6 (HKLM-x32\...\EE9C4A93-0E83-4C66-9802-5DC13C189C12_is1) (Version:  - Accmeware Corporation)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Gateway Incorporated)
Google Chrome (HKLM\...\{D872E073-2DCD-3B16-9539-2F2F53A48A8C}) (Version: 67.0.3396.99 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
IQmango Endless Music Player 4.5.4 (HKLM-x32\...\{B1B2E29B-683A-BA20-AB0D-A97ECE1E2045}_is1) (Version: 4.5.4 - cyan soft ltd)
IQmango Player 4.5.4 (HKLM-x32\...\{E3BBBD39-FA75-427A-8FF4-F414FF789B42}_is1) (Version: 4.5.4 - cyan soft ltd)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Jaksta Media Player (3.2.0.3) (HKLM-x32\...\Jaksta Media Player) (Version: 3.2.0.3 - Jaksta Technologies)
Jaksta Media Recorder 6 (6.0.1.64) (HKLM-x32\...\Jaksta Media Recorder 6) (Version: 6.0.1.64 - Jaksta Technologies)
Jaksta Media Recorder 7 (7.0.1.13) (HKLM-x32\...\Jaksta Media Recorder 7) (Version: 7.0.1.13 - Jaksta Technologies)
Jaksta Streaming Media Recorder (4.4.5) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.5 - Jaksta Technologies)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Miro (HKLM-x32\...\Miro) (Version: 5.0.4 - Participatory Culture Foundation)
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.0.6746 - Mozilla)
MP3jam 1.1.3.0 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.3.0 - MP3jam)
MPC-HC 1.7.3 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Music Recorder (HKLM-x32\...\{33A90233-3F26-4121-9245-5AEB098A6705}) (Version: 14.1.15600.0 - Audials AG)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Musictube (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Musictube) (Version:  - )
Muziic Player (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\Muziic Player) (Version:  - )
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.1.500 - Maxthon International Limited)
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
Nero 2016 (HKLM-x32\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (English (United Kingdom)) (HKLM-x32\...\{2308666F-37AB-4A09-8644-8A5C1E73A063}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (French) (HKLM-x32\...\{138D8072-CA7E-4C81-9805-9B0D6FC7F4C6}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (German) (HKLM-x32\...\{D94A17B2-76EA-4736-861E-804D924487B3}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (Italian) (HKLM-x32\...\{A02D39A1-45D3-4C0A-B0B7-E44B6C0513E4}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (Japanese) (HKLM-x32\...\{FA08F27C-B22F-47A6-96BC-16C083AA2592}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (Portuguese (Brazil)) (HKLM-x32\...\{3888F9CD-9908-402F-8B9B-AB9D746CEB20}) (Version: 4.14.9788 - Apache Software Foundation)
OpenOffice 4.1.4 Language Pack (Spanish) (HKLM-x32\...\{E24C6E0F-37E5-49ED-9C82-359E365EC021}) (Version: 4.14.9788 - Apache Software Foundation)
PC Matic 1.1.0.33 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.33 - PC Pitstop LLC)
PC Matic Super Shield 3.0.4.0 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 3.0.4.0 - PC Pitstop)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{66263041-84c1-4c6d-ad3f-70c1e5fd8c75}) (Version: 1.9.2.4285 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{EAE03C2C-C259-4609-B5AD-D3A8D2E6F604}) (Version: 1.9.4285 - Plex, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadioGet 3.4.3 (HKLM-x32\...\{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1) (Version: 3.4.3 - cyan soft ltd)
RadioSure (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\RadioSure) (Version:  - )
Readon TV Movie Radio Player 7.5.0.0 (HKLM-x32\...\{03840E8D-A75E-4C49-ADFC-09A867C7F943}) (Version: 7.5.0 - Readon Technology)
RealDownloader (HKLM-x32\...\{0765012B-51F6-4868-875E-9C14755B338C}) (Version: 1.7.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
RegEditX (HKLM-x32\...\RegEditX) (Version:  - )
RipTiger 4.5.4 (HKLM-x32\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.4 - cyan soft ltd)
RipTiger Extras 4.5.4 (HKLM-x32\...\{2EE6D53B-957E-48d1-801B-0B7DE81BACED}_is1) (Version: 4.5.4 - cyan soft ltd)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Smart View (HKLM-x32\...\{110B183E-0D44-49D6-B4C0-33D3296DAE84}) (Version: 1.0.0.0 - Samsung )
SMPlayer 18.6.0 (x64) (HKLM\...\SMPlayer) (Version: 18.6.0 - Ricardo Villalba)
SoundTaxi 4.4.3 (HKLM-x32\...\SoundTaxi_is1) (Version: 4.4.3 - cyan soft ltd)
SoundTaxi Media Suite 4.4.3 (HKLM-x32\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.4.3 - cyan soft ltd)
Sp5 (HKLM-x32\...\{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (HKLM-x32\...\{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (HKLM-x32\...\{E415C943-37E5-473F-8BAE-043C56734124}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (HKLM-x32\...\{6C3959C6-943E-44B3-BAAD-570B04B134E5}) (Version: 5.1.4324.0 - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpPhones (HKLM-x32\...\{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}) (Version: 6.0.3122.0 - Microsoft) Hidden
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
Stopping Plex (HKLM-x32\...\{22F64911-9B44-42E7-A3A5-43490846841F}) (Version: 1.9.4285 - Plex, Inc.) Hidden
Street View Download 360 2.0.1 (only current user) (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\75277b3b-5bf6-5e75-94b1-fe52d294096d) (Version: 2.0.1 - Thomas Orlita)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TubeBox (HKLM-x32\...\{66DC853F-1905-4ACA-97CC-48F54E9C65B5}) (Version: 5.2.0.0 - Freetec) Hidden
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
TuneGet 4.5.4 (HKLM-x32\...\{050A0D31-6B33-4137-ADE5-C0896E5FA98D}_is1) (Version: 4.5.4 - cyan soft ltd)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraSearch V2.1.2 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.1.2 - JAM Software)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoDownloaderUltimate (HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.117 - Link64)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wondershare AllMyTube(Build 4.9.0.9) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.9.0.9 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers1-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers1-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers2-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers2-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers4-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-12-28] (Cheetah Mobile,Inc.)
ContextMenuHandlers4-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AD3B1C5-3F48-4D2E-A987-DDB174BC95AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {1D8ED45F-ECAE-48EE-8B63-EB1B30D8EF60} - System32\Tasks\EPSON WF-3640 Series Invitation {44809D71-3A3D-43CD-9958-22E81CE1C49B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {227EE210-72CF-493E-B3E7-11891CEACC5F} - System32\Tasks\Uninstaller_SkipUac_sadd => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
Task: {269D9CB1-8E02-4941-A8CC-2DF98B0F25EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {29C04D2E-F9D5-4D8D-B976-ABA948AB2661} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2DD372FB-3368-433E-868C-EC0E08ED6738} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1861271705-2052905311-3892416565-1000 => C:\Users\sadd\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3968715D-E876-42BA-B055-FDACEC4624FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {3C5F275D-AB31-446D-985D-2562143815A3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (AVAST Software)
Task: {40B644F3-82D1-40B6-B22F-162E43C30888} - System32\Tasks\EPSON WF-3640 Series Update {52B39F48-E8FD-4B09-9082-3988EADD0D06} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {40CE862F-ED34-4659-B485-9F0845A55E29} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {425BBE3C-3543-4210-9EDB-7FEACC59E207} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {44E01695-1175-4715-82EC-C93F64D7A6A4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1861271705-2052905311-3892416565-1003 => C:\Users\sadd\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {455DCEC1-32F2-4C0B-8BAB-C5EEBB6D69FA} - \SoftUpdateDaily -> No File <==== ATTENTION
Task: {4F0E1C6C-2744-4543-A089-66998EDD3778} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {50320079-DE44-4186-9AEB-9132D87D661D} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {5118EFF5-5913-4DF0-B14A-C11374DE1517} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {61BF7520-C16B-4166-8930-42210D86AE68} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {67ADA188-C5FF-44A2-B0F3-849C11357B4F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {72E18827-3B12-467A-A39D-C919B9AD103E} - System32\Tasks\EPSON WF-3640 Series Update {44809D71-3A3D-43CD-9958-22E81CE1C49B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {83540179-731C-4D89-A499-A70D33B7DA43} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {91622DF3-F31E-4324-89B0-39B873C49341} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {93077BC1-2C01-4C1A-B482-136E3DF618ED} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\bin\Maxthon.exe [2018-01-08] (Maxthon International ltd.)
Task: {A0431CB0-373D-4AC4-B229-22C7E16E81E1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AA5A3FAF-A7EE-4FE5-B57A-189291D2D5A2} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {B0573790-CAC6-4365-BAD7-5177D0F101C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {B655193F-D2E5-44D1-B40E-EA4C09D44300} - System32\Tasks\Microsoft\Windows\PLA\RPT8C8.tmp
Task: {BC6F8937-9E46-4775-9A04-99F51831B117} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BE69CB86-8FCC-4504-BC4C-825A9BEFA234} - System32\Tasks\EPSON WF-3620 Series Update {F83C5965-D57E-49D8-9210-E5D59D0EF4B7} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CD522E93-D15E-4000-9881-6DEF552AC43B} - System32\Tasks\EPSON WF-3620 Series Invitation {F83C5965-D57E-49D8-9210-E5D59D0EF4B7} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CFA42A98-A12B-4291-A0F1-B12E45B94380} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D538BDF3-A4C2-49EB-B32A-C3500598149A} - System32\Tasks\EPSON WF-3640 Series Invitation {52B39F48-E8FD-4B09-9082-3988EADD0D06} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D92B9361-F4E9-47FE-8C0E-BF8BCDC4DBCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DBDECFD2-0757-4E84-AE7E-3D07D4CF46D3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E02C1086-4D99-403A-897C-9DA5950F5EE0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ED530240-656A-4DAA-A56D-A8636E23EBB6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8C34B71-F4F5-4FF1-9AF0-360CC03BD6D4} - \SoftUpdateLogon -> No File <==== ATTENTION
Task: {FCCC9C5F-DAA0-41BB-9537-844A7D2E2C7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {F83C5965-D57E-49D8-9210-E5D59D0EF4B7}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {F83C5965-D57E-49D8-9210-E5D59D0EF4B7}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{F83C5965-D57E-49D8-9210-E5D59D0EF4B7} /F:UpdateWORKGROUP\JOJO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {44809D71-3A3D-43CD-9958-22E81CE1C49B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {52B39F48-E8FD-4B09-9082-3988EADD0D06}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {44809D71-3A3D-43CD-9958-22E81CE1C49B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{44809D71-3A3D-43CD-9958-22E81CE1C49B} /F:UpdateWORKGROUP\JOJO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {52B39F48-E8FD-4B09-9082-3988EADD0D06}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{52B39F48-E8FD-4B09-9082-3988EADD0D06} /F:UpdateWORKGROUP\JOJO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_sadd.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\sadd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Fluffy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\sadd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-07 22:15 - 2018-06-08 11:13 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-07 22:15 - 2018-06-08 11:13 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-07-02 22:02 - 2018-07-02 22:02 - 001179352 _____ () C:\WINDOWS\TEMP\is-UCDN6.tmp\pcmaticrt-setup_3.0.5.0.tmp
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-12-31 20:07 - 2017-12-31 20:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-13 08:16 - 2018-06-08 03:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-06-07 21:49 - 2018-06-07 21:50 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-07 21:49 - 2018-06-07 21:50 - 067230720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-01-27 21:48 - 2018-01-27 21:53 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 11:11 - 2018-05-30 11:13 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-26 09:07 - 2018-04-26 09:09 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 11:11 - 2018-05-30 11:12 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 11:11 - 2018-05-30 11:14 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 09:09 - 2018-04-05 09:12 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-07 21:49 - 2018-06-07 21:50 - 014850560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 11:11 - 2018-05-30 11:12 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-07 21:49 - 2018-06-07 21:49 - 003265536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 11:11 - 2018-05-30 11:13 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 11:11 - 2018-05-30 11:13 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 11:11 - 2018-05-30 11:14 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-07 21:49 - 2018-06-07 21:50 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-30 11:11 - 2018-05-30 11:12 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-04-05 09:09 - 2018-04-05 09:12 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-06-22 09:54 - 2018-06-22 09:55 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-22 09:54 - 2018-06-22 09:55 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-22 09:54 - 2018-06-22 09:55 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-06-25 19:53 - 2018-06-25 19:55 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-25 19:53 - 2018-06-25 19:54 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-25 19:53 - 2018-06-25 19:54 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 08:50 - 2017-09-26 08:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-17 08:38 - 2018-04-17 08:38 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.10228.20096.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2018-07-02 22:02 - 2014-04-15 13:02 - 000524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2018-06-24 06:26 - 2018-06-24 06:26 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-07-02 22:02 - 2018-06-28 22:05 - 000187136 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-09-25 04:49 - 2017-09-25 04:49 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\mswinsck32.ocx:rsrc [34]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 11393 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-12-29 02:34 - 2017-12-29 02:34 - 000000821 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sadd\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bingwallpaper-2013-12-26.jpg
HKU\S-1-5-21-1861271705-2052905311-3892416565-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: Persistence => c:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVCpl => "c:\program files\realtek\audio\hda\ravcpl64.exe" -s
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "CCE"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\StartupApproved\Run: => "AudialsNotifier"
HKU\S-1-5-21-1861271705-2052905311-3892416565-1000\...\StartupApproved\Run: => "VideoDownloaderUltimate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{8AC8DC51-F679-45F9-B047-15B151411E75}C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe] => (Allow) C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe
FirewallRules: [TCP Query User{B36E5C49-E025-4309-816D-6F1C1A104FB6}C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe] => (Allow) C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe
FirewallRules: [UDP Query User{34F9CB3F-4C4D-479A-954E-FC2F50FE8157}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [TCP Query User{B5DE6521-A326-4716-8ACE-562D223D294C}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [{0DD2920B-B7B3-4305-B2E4-08811FF6551E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{FDED88E7-FE59-4005-9123-BAF7268D1EFB}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{06CBDBB7-5B27-481C-95F3-11435F7A16BF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [UDP Query User{1B5C0495-C49B-4F34-AD6F-1D11D8662D3F}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [TCP Query User{5F223C20-287C-47F3-BF7A-353746EBCE50}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [{7691DDD1-A31C-4602-80E0-5844315B4305}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{BC1A2EB8-DAD7-4D0D-9395-C884691E6FAA}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{40191B81-0D94-4FD5-994B-ADD3468C8751}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{A1684ACD-500C-40A2-9845-8BE3CAF65848}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{DA8EEE6A-6B51-4807-9DC7-3C0F9A760D53}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\qtCopy.exe
FirewallRules: [{9E716246-4237-4E47-91E7-B7C1E6DF8AC8}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\qtCopy.exe
FirewallRules: [{72CD2B26-23E1-46D1-9ADD-1E0705A9AB27}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\aria2c.exe
FirewallRules: [{A2339060-D8E3-4AE8-B915-FD691FD50400}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\aria2c.exe
FirewallRules: [{3F1339FE-6F6B-4974-81CB-A320C1DFCC90}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\dl.exe
FirewallRules: [{0CD0F64C-4E23-4D62-913A-3294FF145758}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\dl.exe
FirewallRules: [{449EF282-2381-45F1-A019-A66EBBBD2E34}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\ffmpeg.exe
FirewallRules: [{8D01ADB3-72F2-4E71-8F34-CCDAECB5E29F}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\ffmpeg.exe
FirewallRules: [{EA43924F-2165-4EA7-BC02-A4607D62AAFF}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbaxp.exe
FirewallRules: [{5A5A15A8-01E7-4A17-8179-EE911B89E4A1}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbaxp.exe
FirewallRules: [{D2B4D5E0-940F-41B3-AC04-E2A787C698F7}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbp.exe
FirewallRules: [{0434D75D-30F9-4261-8EB5-3C824B207832}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbp.exe
FirewallRules: [{5E066C4F-EB50-4A14-816F-42D611539074}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jmrp.exe
FirewallRules: [{FEC5BA21-445C-4D43-807E-BD82F3C0DCCD}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jmrp.exe
FirewallRules: [UDP Query User{5596962B-2059-4117-B3A7-DC07146DC04C}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [TCP Query User{FBB5CA56-C10A-4EF3-B57A-A9DFB34F1DD5}C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\urlreqservice.exe
FirewallRules: [UDP Query User{DF520A8C-9CFB-43D1-B35A-D4C37E09024F}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [TCP Query User{1629F320-216B-4F43-9221-FD5E994F7680}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [{6CD0E897-B1B0-4997-A734-58C9E979B9C1}] => (Allow) C:\Program Files (x86)\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{0DE8E449-4B45-4483-878A-4CEEA7FDDDE4}] => (Allow) C:\Program Files (x86)\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{EB6D8D5A-3FA1-46D8-8379-6399CC1C1D15}] => (Allow) C:\Program Files (x86)\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{A6953692-6486-4BE3-8A82-C8F3C59DD36A}] => (Allow) C:\Program Files (x86)\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{021C59E0-45A8-4087-91F4-9664B2CB7B17}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{DE9D76CA-3801-45B0-A992-5E2E751BD6D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7403842C-F9D9-4C40-94F1-7966C3261E70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A147FEB1-CC06-4AD4-A264-E9A595A68103}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [UDP Query User{DC7AD69F-CBA7-4ACB-A545-24BABB7EF9ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{062037F8-A305-46E1-AE92-DE222EA7BC8F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C2FB16B0-FC46-4220-B697-7864D4E002B4}] => (Allow) LPort=5675
FirewallRules: [{2A476461-0383-43C3-BF11-92EDFE1F1D5A}] => (Allow) LPort=5676
FirewallRules: [UDP Query User{C861E412-A504-4CA5-9025-BCB2E07E674B}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [TCP Query User{32066F7B-75BF-41BF-96E8-AE78BA7127DB}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [UDP Query User{0C687905-990C-411C-B27A-7E969C53D1BE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{BC69431D-B289-4374-94A2-BA8BD08FBEF8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{63DE2AB9-AAAF-4462-80A7-116BA892B1B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19B28F25-8092-4DA1-8F1B-A9C339213CB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B300ED0A-AB10-4986-8D34-908CBDA2EF9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90AE5A36-744E-4139-80EA-F06876AC34DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2D7E835-F6E4-4D03-88DB-10B0D421023D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9FC4E34D-1305-4B11-B125-095A9D026DFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1368E4A-7064-4AC0-AE7E-36D0A4C26DBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B0D82876-6CD3-4539-B0DB-5607EC501334}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [UDP Query User{D86762D7-8E5F-49DC-B759-E35DCA5D8D8A}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [TCP Query User{A5A3E0E1-89B4-41A7-B960-00FD9CEA3504}C:\program files (x86)\readon technology\readon tv movie radio player 7.5.0.0\internettv.exe] => (Allow) C:\program files (x86)\readon technology\readon tv movie radio player 7.5.0.0\internettv.exe
FirewallRules: [UDP Query User{54369669-1966-4A55-805F-2CAE395F96BC}C:\program files (x86)\readon technology\readon tv movie radio player 7.5.0.0\internettv.exe] => (Allow) C:\program files (x86)\readon technology\readon tv movie radio player 7.5.0.0\internettv.exe
FirewallRules: [{0B1BF194-D553-46E4-AB8B-45C258488789}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\JakstaNM.exe
FirewallRules: [{F44EF3A2-9C69-4DD9-993B-54C16DB0032E}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\JakstaNM.exe
FirewallRules: [{C8E22DB1-8A5E-4AE1-979A-E60F9A80AD18}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\JakstaNM.exe
FirewallRules: [{DB4EF95A-1ADF-48EB-A845-81B62995D47B}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\JakstaNM.exe
FirewallRules: [TCP Query User{B27A67DD-2F9E-4F6B-8386-22B7F38C1131}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [UDP Query User{4A437808-1866-4F2F-8231-FA7C395E0AD5}C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\youtube-downloader\allmytube.exe
FirewallRules: [TCP Query User{26EC37C6-66DC-45B6-A59E-C6A4B7414774}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{585962AF-5222-42CE-BBA1-4D94A85E28EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{64239AF1-64D5-44C8-9C2D-441601854E2F}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{AF1302D9-D348-44F4-A640-376E1A9CF39A}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [TCP Query User{153436B1-1943-4054-A97F-0F68C5E6A7AB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{21075AAD-09E0-44F9-B536-6BAD40CBFEA8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{80163A0A-891B-4627-8E05-5BAF79A4DD62}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{43FC8ECF-00ED-4211-BD7D-F986F0992F97}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jmrp.exe
FirewallRules: [{5E1B9AE5-6B0B-4B67-9D7F-64B9A67EAAA1}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jmrp.exe
FirewallRules: [{41311636-F5C1-4D46-AAB9-6F0EE710E038}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbp.exe
FirewallRules: [{EB655A10-BF5D-4123-A82F-4E13922A87A9}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbp.exe
FirewallRules: [{B587F0CA-3EF4-4B1E-9528-1AED54CAA419}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbaxp.exe
FirewallRules: [{6988E5B3-C93B-4B58-8CF6-91E782785C1A}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\jbaxp.exe
FirewallRules: [{DA05E4C9-4EB4-47BD-BE02-046D238C09C5}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\ffmpeg.exe
FirewallRules: [{57FF3702-9ADB-461B-AA83-F6E2901CB497}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\ffmpeg.exe
FirewallRules: [{8A1FB7CC-E973-4863-8D4D-567BE387647D}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\dl.exe
FirewallRules: [{D4D45422-EF25-4518-BF7E-C87A804B6796}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\dl.exe
FirewallRules: [{80554DF5-96DB-4D55-950F-A5D4F58D5A0A}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\aria2c.exe
FirewallRules: [{28EBADDD-912F-4735-80A9-CF95622B76CD}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\aria2c.exe
FirewallRules: [{48D119EF-F534-4458-9277-301C96419955}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\qtCopy.exe
FirewallRules: [{41EE15CE-9397-4438-A96D-3182A60AEF6A}] => (Allow) C:\Program Files (x86)\Jaksta Technologies\Jaksta Media Recorder 6\qtCopy.exe
FirewallRules: [{465297E7-5217-498D-B887-A37F02F261F5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{36005DE9-376F-4F16-AC16-8EB5353EA93A}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{86218FED-ED5A-4A40-8919-675CD528B30E}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe
FirewallRules: [{5266B0D5-D60B-490E-9993-63A32DA9C2BB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{7A888BD9-F6D5-4D88-9720-347C963786E5}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8F8A7E7F-E85E-475D-9860-AD290646B8A8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{DEAC43E1-570F-40D5-9BB3-068F1F059B48}] => (Allow) LPort=4481
FirewallRules: [{D7066135-097B-4035-BDF8-9C0562CAC11D}] => (Allow) LPort=4481
FirewallRules: [{35404D73-F6A3-44E4-B3B8-9C8119A406DD}] => (Allow) LPort=4482
FirewallRules: [{58275330-A1B8-4D47-BDA5-65B743357096}] => (Allow) LPort=4482
FirewallRules: [{184212AA-F73D-4690-97BD-BBF187C27A7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{14025CC7-0D1C-4373-9D44-9E7A3ED6DBE9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{2C9856D0-F17A-4B47-A2B8-D8E616279CA8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{1AE0CAFE-810A-49A8-B456-A178E31FA246}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [TCP Query User{BF659B63-61EC-43A9-8735-A81EE14EF256}C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe] => (Allow) C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe
FirewallRules: [UDP Query User{713467AB-9C8F-4118-BB5E-785F047FCA15}C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe] => (Allow) C:\program files (x86)\jaksta technologies\jaksta media recorder 7\jmrp.exe
FirewallRules: [{E7FF2F1E-2CCD-4C0A-AF92-A6A55AD55032}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{C953D3F3-6085-4AE6-9C9B-DB57E0815EAE}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{E4E62EEB-9D1E-44CC-A8E7-D81441517C95}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{4A3ACD36-8AAC-493B-804D-635654AAB32A}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{98444A4F-DFF9-4B37-B589-26E77E372460}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{34D8C8C8-F2F2-4F35-A45D-A9C2FED954A7}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{568DCDC8-BAD0-49BC-96E1-B60EBF603D2E}] => (Allow) C:\Program Files (x86)\stashimi\stashimi 2016\Audials.exe
FirewallRules: [{794503F4-6942-4569-9CF2-441649BF57A6}] => (Allow) C:\Program Files (x86)\Audials\Audials 11\Audials.exe
FirewallRules: [{62036B6F-71B3-4789-B06D-7F78FBD385E9}] => (Allow) C:\Program Files (x86)\Audials\Audials 2017\Audials.exe
FirewallRules: [{8362655A-0FA6-47AD-BF3A-E4058196FFEA}] => (Allow) LPort=12972
FirewallRules: [{A528F88B-07AF-4875-B70F-2FB8C47999FC}] => (Allow) LPort=14714
FirewallRules: [{62FC0BEF-185E-449D-AEFD-8E4F8B0B0B13}] => (Allow) LPort=31931
FirewallRules: [{E07E6693-01F8-4A20-8397-7E38EEC06E78}] => (Allow) C:\Users\sadd\Downloads\Audials_One-Setup.exe
FirewallRules: [{56F5F40A-EBC3-4972-90DA-422163BB6C4E}] => (Allow) C:\Users\sadd\Downloads\Audials_One-Setup.exe
FirewallRules: [{E7917050-69B4-4920-BB85-FCD287A0CF20}] => (Allow) C:\Users\sadd\Downloads\Audials_One-Setup.exe
FirewallRules: [{921E6E1D-3F68-42EF-8C19-986BE5A75104}] => (Allow) C:\Users\sadd\Downloads\Audials_One-Setup.exe
FirewallRules: [{C6CC95B1-C0B7-4543-AC50-25BEC69F65FA}] => (Allow) C:\Program Files (x86)\Audials\Audials 2018\Audials.exe
FirewallRules: [{EF498CF8-DBDF-4043-8B4A-875C2CD5C87B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6168AB39-D682-4CDF-A96B-966BF7D6E25C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1A244B74-D8B3-4412-A7C6-D35E49020D62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{62D39F1B-D60F-48C1-9003-A9F2030A71A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CE5CFB86-1284-48F1-8E61-883B0950DB82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{96C96EC6-7CD2-49C0-B8D5-0687411EC222}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{50CB0084-D0CE-44CB-AB52-1CCB81F57FB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6CBEA935-1381-4D2F-B65E-A20BCF438E90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F8D66F8D-3C4D-4E1F-A3F9-095E458581F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3062BEDF-B335-43DA-A5F9-F5D83A0AED92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B0BA365F-11B4-4C40-8D96-2D1B26B7EAA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{514F61B4-EDA6-4E5D-B21B-7E2C59A3C36B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-06-2018 12:13:29 Windows Modules Installer
19-06-2018 18:25:18 Windows Modules Installer
29-06-2018 23:21:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2018 06:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x52afac92
Faulting module name: ntdll.dll, version: 10.0.17134.112, time stamp: 0xcfe5bd82
Exception code: 0xc0000005
Fault offset: 0x00092be4
Faulting process id: 0x1ce4
Faulting application start time: 0x01d412583454c1e0
Faulting application path: C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1611032b-3471-4a1c-b1d2-4b75942bdedd
Faulting package full name:
Faulting package-relative application ID:

Error: (07/02/2018 05:46:32 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {00000000-0002-0000-0000-000010010000}. The error code was 0x80010114.

Error: (07/02/2018 08:49:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (4600,R,98) {336681C9-D65D-484D-9FF5-4BA7ED90A3C6}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00004.log.

Error: (07/02/2018 01:17:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

Error: (07/02/2018 01:17:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578

Error: (07/02/2018 01:17:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2018 08:47:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2018 09:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x52afac92
Faulting module name: ntdll.dll, version: 10.0.17134.112, time stamp: 0xcfe5bd82
Exception code: 0xc0000005
Fault offset: 0x00092be4
Faulting process id: 0x20a4
Faulting application start time: 0x01d41012170f2ea5
Faulting application path: C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 84329cea-d684-4fdf-bde6-3f584df121b3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/03/2018 03:22:51 PM) (Source: DCOM) (EventID: 10016) (User: JOJO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user jojo\sadd SID (S-1-5-21-1861271705-2052905311-3892416565-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 01:22:13 PM) (Source: DCOM) (EventID: 10010) (User: JOJO)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (07/03/2018 01:22:13 PM) (Source: DCOM) (EventID: 10010) (User: JOJO)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (07/03/2018 09:59:40 AM) (Source: DCOM) (EventID: 10010) (User: JOJO)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (07/03/2018 09:59:40 AM) (Source: DCOM) (EventID: 10010) (User: JOJO)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (07/03/2018 09:22:19 AM) (Source: DCOM) (EventID: 10016) (User: JOJO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user jojo\sadd SID (S-1-5-21-1861271705-2052905311-3892416565-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 09:21:28 AM) (Source: DCOM) (EventID: 10016) (User: JOJO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user jojo\sadd SID (S-1-5-21-1861271705-2052905311-3892416565-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 12:44:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


CodeIntegrity:
===================================

Date: 2018-07-03 13:34:55.396
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:34:55.391
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:34:55.389
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:34:55.361
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:27:36.662
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:27:06.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:26:35.649
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-03 13:22:30.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 8104.49 MB
Available physical RAM: 4166.23 MB
Total Virtual: 23104.49 MB
Available Virtual: 18984.25 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:916.97 GB) (Free:334.37 GB) NTFS
Drive k: (FreeAgent GoFlex) (Fixed) (Total:2794.51 GB) (Free:2064.71 GB) NTFS

\\?\Volume{0bde0b72-88bc-11e1-b0c9-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{0bde0b71-88bc-11e1-b0c9-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:14 GB) (Free:5.32 GB) NTFS
\\?\Volume{efc7910a-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EFC7910A)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================



#5
dlwtechquest


Thank you for taking the time Rkinner.



#6
RKinner


Uninstall:

Bonjour (this version doesn't work on Win 10.  If you need it get or update iTunes and it should install the latest version.)

Malwarebytes (It seems to have an unsigned driver in this version and Windows is blocking it from loading)

RealPlayer Cloud (errors - perhaps a new install would help)

This PC has had Spybot S&D installed.  If Spybot was allowed to "immunize" the system the permissions may be messed.

I'm not seeing any malware.  The proxy appears to be from Ultimate Video Downloader.

Let's check some basic stuff:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 



#7
dlwtechquest


I haven't disappeared. I will get things done tonight after I get off of work.



#8
RKinner


No hurry.  I don't keep track.  Just answer posts when they appear in my inbox.



#9
dlwtechquest


I have uninstalled the three: Bonjour, Malwarebytes, and Realplayer Cloud.

 

When I try to run the DISM /Cleanup-Imgage /RestoreHelth in command prompt, I get this response.
"Error: 87

The cleanup image option is unkown. For more information, refer to the help by runing DISM.exe /? The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

"

 

I did run the sfc /scannow and it gave me a "Windows did  not find any integrity violations," response.



#10
dlwtechquest


VIEW.exe *system *error *warning *log query system  "20"

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 3:16:45 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/07/2018 10:54:23 PM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Microsoft Visual Studio Location Simulator Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 02/07/2018 10:54:23 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 30/06/2018 1:26:12 AM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Microsoft Visual Studio Location Simulator Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 30/06/2018 1:26:12 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 29/06/2018 1:56:11 AM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Microsoft Visual Studio Location Simulator Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 29/06/2018 1:56:11 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 28/06/2018 3:17:14 AM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Microsoft Visual Studio Location Simulator Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 28/06/2018 3:17:14 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 27/06/2018 1:24:13 PM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Microsoft Visual Studio Location Simulator Sensor (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 27/06/2018 1:24:13 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 7:15:17 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user jojo\sadd SID (S-1-5-21-1861271705-2052905311-3892416565-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 6:49:41 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:41 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:38 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:49:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:42:22 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user jojo\sadd SID (S-1-5-21-1861271705-2052905311-3892416565-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 6:11:13 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:11:13 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:04:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:04:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:03:00 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:03:00 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:02:50 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/07/2018 6:02:50 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 5:18:45 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2018 4:32:14 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/07/2018 12:44:51 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/07/2018 9:00:28 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/07/2018 2:58:37 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/07/2018 1:47:05 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 04/07/2018 1:35:28 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 04/07/2018 2:49:04 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.sinnandskinn.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 03/07/2018 5:10:46 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 02/07/2018 10:54:17 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 02/07/2018 10:53:38 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\WPD\0000.
 
Log: 'System' Date/Time: 02/07/2018 2:10:56 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name findmeatune.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 01/07/2018 7:18:59 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 01/07/2018 3:27:47 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name costaricaticas.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 30/06/2018 5:31:42 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name sexyebony.org timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 30/06/2018 1:43:29 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 30/06/2018 3:08:16 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 30/06/2018 1:26:17 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 30/06/2018 1:25:43 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\WPD\0000.
 
Log: 'System' Date/Time: 29/06/2018 2:10:51 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

  • 0
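
The VEW report requested in post #6 and posted above repeats the same few events many times. As an added example (not part of the thread and not code from VEW), this Python script parses a VEW text report, collapses repeats by log, source and event ID, lists the names from DNS-Client 1014 warnings, and flags watchlisted events. The sample report, its placeholder GUID and host name, and the one-entry `REVIEW` watchlist are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the VEW reports in this thread; the GUID and
# host.example are placeholders, not values taken from the posted logs.
SAMPLE = """\
Note: All dates below are in the format dd/mm/yyyy
Log: 'System' Date/Time: 08/07/2018 6:49:41 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {00000000-0000-0000-0000-000000000001} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/07/2018 6:02:50 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {00000000-0000-0000-0000-000000000001} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 5:18:45 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/07/2018 2:49:04 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name host.example timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 02/07/2018 10:54:17 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'Application' Date/Time: 08/07/2018 7:03:56 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.

Context:
   Current State: DoSnapshotSet
"""

HEAD = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")
BANNER = re.compile(r"^(~{5,}|'[^']+' Log - \w+ Type)\s*$")
DNS_NAME = re.compile(r"^Name resolution for the name (\S+) timed out")
# Assumption of this example: a one-entry watchlist of events that merit a manual look.
REVIEW = {("Microsoft-Windows-Wininit", 11): "AppInit_DLLs value is populated (KB197571)"}

def parse_vew(text):
    """Split a VEW report into records; a record runs from one 'Log:' line to the next."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = {"log": m[1], "when": datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "event": None, "source": None, "message": []}
            records.append(cur)
        elif BANNER.match(line):
            cur = None                              # a section banner closes the open record
        elif cur is None:
            continue                                # report preamble, outside any record
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m[1]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m[1]), m[2]
        elif line.strip():
            cur["message"].append(line.strip())     # messages may span several lines
    # Records cut off before their 'Event:' line (a truncated paste) are dropped.
    return [dict(r, message=" ".join(r["message"])) for r in records if r["event"] is not None]

def summarize(records):
    """Collapse repeats: one row per (log, source, event id), most frequent first."""
    groups = {}
    for r in records:
        key = (r["log"], r["source"], r["event"])
        g = groups.setdefault(key, {"count": 0, "first": r["when"], "last": r["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["when"]), max(g["last"], r["when"])
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

def unresolved_names(records):
    """Names taken from DNS-Client 1014 warnings, with how often each one appears."""
    hits = (DNS_NAME.match(r["message"]) for r in records
            if (r["source"], r["event"]) == ("Microsoft-Windows-DNS-Client", 1014))
    return Counter(m[1] for m in hits if m)

def needs_review(records):
    """Watchlist hits as sorted, de-duplicated (source, event id, note) tuples."""
    return sorted({(r["source"], r["event"], REVIEW[(r["source"], r["event"])])
                   for r in records if (r["source"], r["event"]) in REVIEW})

if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    for (log, source, event), g in summarize(recs):
        print(f"{g['count']:>3} {log} {source} {event} {g['first']:%d/%m %H:%M}..{g['last']:%d/%m %H:%M}")
    print("unresolved:", dict(unresolved_names(recs)), "| review:", needs_review(recs))
```

To use it on a real report, read the text file VEW saved and pass its contents to `parse_vew`.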



#11
dlwtechquest


VIEW.exe *applications *error *warning *log query system  "20"

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 3:18:20 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 7:09:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 08/07/2018 7:06:22 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:20 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:19 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:19 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:18 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:18 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:18 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:18 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:18 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:17 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:06:17 PM
Type: Error Category: 0
Event: 11500 Source: MsiInstaller
Product: BlackBerry Desktop Software 7.1 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Log: 'Application' Date/Time: 08/07/2018 7:03:56 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 08/07/2018 6:16:03 PM
Type: Error Category: 3
Event: 455 Source: ESENT
taskhostw (13036,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\sadd\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Log: 'Application' Date/Time: 08/07/2018 6:16:03 PM
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (13036,R,98) WebCacheLocal: An attempt to open the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Log: 'Application' Date/Time: 08/07/2018 5:01:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2 Faulting module name: NotificationController.dll, version: 10.0.17134.1, time stamp: 0x498118f8 Exception code: 0xc0000005 Fault offset: 0x000000000007c636 Faulting process id: 0x3b28 Faulting application start time: 0x01d4160df7a45786 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: C:\Windows\System32\NotificationController.dll Report Id: a444fcf4-24c3-49dd-a7d0-c81e82eea50e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 07/07/2018 4:16:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2 Faulting module name: NotificationController.dll, version: 10.0.17134.1, time stamp: 0x498118f8 Exception code: 0xc0000005 Fault offset: 0x000000000007a25d Faulting process id: 0x28e8 Faulting application start time: 0x01d415fabb827b25 Faulting application path: c:\windows\system32\svchost.exe Faulting module path: C:\Windows\System32\NotificationController.dll Report Id: 5966426f-46ea-49e8-9294-a8f187cce19e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 07/07/2018 4:08:44 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{0765012B-51F6-4868-875E-9C14755B338C}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 07/07/2018 2:00:18 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Explorer.EXE, version: 10.0.17134.1, time stamp: 0x425b30b2 Faulting module name: twinui.pcshell.dll, version: 10.0.17134.1, time stamp: 0xd973997c Exception code: 0x80270233 Fault offset: 0x0000000000305fc3 Faulting process id: 0x3d28 Faulting application start time: 0x01d415fad1da8fc3 Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll Report Id: a30c65f0-6ad5-4a9b-8c8f-2d26cc39398e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 07/07/2018 4:44:04 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 7:13:46 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-1861271705-2052905311-3892416565-1000}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
An internal error occurred in the Microsoft Windows HTTP Services  (HRESULT : 0x80072ee4) (0x80072ee4)
 
 
Log: 'Application' Date/Time: 06/07/2018 12:51:04 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (15140,R,98) WebCacheLocal: The shadow header page of file C:\Users\sadd\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.
 
Log: 'Application' Date/Time: 03/07/2018 3:02:51 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe' (pid 11324) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 02/07/2018 1:50:34 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4600,D,0) {46639B5A-0E7B-4E99-8576-2F115E5B1571}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log" at offset 0 (0x0000000000000000) for 393216 (0x00060000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 30/06/2018 5:49:50 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-1861271705-2052905311-3892416565-1000}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
An internal error occurred in the Microsoft Windows HTTP Services  (HRESULT : 0x80072ee4) (0x80072ee4)
 
 
Log: 'Application' Date/Time: 30/06/2018 5:47:56 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <iehistory://{S-1-5-21-1861271705-2052905311-3892416565-1000}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
An internal error occurred in the Microsoft Windows HTTP Services  (HRESULT : 0x80072ee4) (0x80072ee4)
 
 
Log: 'Application' Date/Time: 30/06/2018 1:38:01 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (10796,D,0) {4B6345A2-28A2-468E-ADFD-4D8CD7810A85}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edbtmp.log" at offset 0 (0x0000000000000000) for 393216 (0x00060000) bytes succeeded, but took an abnormally long time (17 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 30/06/2018 1:34:47 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (10796,D,0) {A899B3B0-E303-4CCE-A5CB-8122A74C69A7}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log" at offset 0 (0x0000000000000000) for 393216 (0x00060000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 30/06/2018 1:24:57 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 30/06/2018 1:24:57 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 29/06/2018 2:11:10 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 29/06/2018 2:02:28 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1500,D,0) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 659456 (0x00000000000a1000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:23:03 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (7536,T,0) {D6C36AF5-9B0D-4809-AC62-41C032EE7901}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.jfm" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:22:51 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (7536,T,0) {D6C36AF5-9B0D-4809-AC62-41C032EE7901}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.jfm" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:15:07 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (7536,T,0) {AB5E0B95-B4E2-46AA-9F6C-446F7862C4CA}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.jfm" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (19 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:14:02 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (7536,T,0) {AB5E0B95-B4E2-46AA-9F6C-446F7862C4CA}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1622016 (0x000000000018c000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (21 seconds) to be serviced by the OS. In addition, 5 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 166 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:11:39 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (7536,D,0) {AB5E0B95-B4E2-46AA-9F6C-446F7862C4CA}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 143360 (0x0000000000023000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 74 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:11:06 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (7536,D,0) {AB5E0B95-B4E2-46AA-9F6C-446F7862C4CA}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 983040 (0x00000000000f0000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (36 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:11:06 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (7536,D,0) {AB5E0B95-B4E2-46AA-9F6C-446F7862C4CA}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 983040 (0x00000000000f0000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 27/06/2018 11:11:06 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (7536,D,0) {D6C36AF5-9B0D-4809-AC62-41C032EE7901}: A request to write to the file "C:\Users\sadd\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 53248 (0x000000000000d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (36 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

#12
dlwtechquest


Process Explorer txt, with the options you said to select, selected

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ApplicationFrameHost.exe 26,384 K 44,904 K 15416 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 4,956 K 9,148 K 8052 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
browser_broker.exe 1,920 K 9,180 K 9840 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4,112 K 10,304 K 7848 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,020 K 10,604 K 15500 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,592 K 24,152 K 8760 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,144 K 23,740 K 15544 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,200 K 25,492 K 5244 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,160 K 24,328 K 12636 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,116 K 24,408 K 804 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,184 K 24,704 K 15948 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,872 K 23,972 K 6668 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 36,060 K 30,176 K 11704 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 32,052 K 26,996 K 17380 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 41,924 K 42,172 K 3268 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 12,860 K 21,580 K 12100 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 78,096 K 48,176 K 9884 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 57,336 K 40,136 K 16328 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,724 K 26,724 K 11160 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,012 K 25,028 K 16516 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,964 K 28,684 K 8868 Google Chrome Google Inc. (Verified) Google Inc
conhost.exe 1,456 K 5,188 K 4568 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,700 K 6,456 K 4916 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,104 K 2,084 K 544 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 8,924 K 19,024 K 15244 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,296 K 9,452 K 5200 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,852 K 7,784 K 7540 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
EPCP.exe 13,836 K 17,224 K 3948 Epson Customer Research Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
escsvc64.exe 1,888 K 4,360 K 3532 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
fontdrvhost.exe 1,484 K 3,284 K 16584 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 3,580 K 1,316 K 892 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 2,588 K 5,456 K 11036 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 2,280 K 212 K 7052 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 2,028 K 232 K 4656 Google Crash Handler Google Inc. (Verified) Google Inc
hkcmd.exe 1,776 K 7,684 K 2176 hkcmd Module Intel Corporation (Verified) Intel® pGFX
igfxpers.exe 2,444 K 10,416 K 11260 persistence Module Intel Corporation (Verified) Intel® pGFX
igfxtray.exe 1,816 K 7,828 K 4472 igfxTray Module Intel Corporation (Verified) Intel® pGFX
LogonUI.exe 1,624 K 7,396 K 12560 Windows Logon User Interface Host Microsoft Corporation (Verified) Microsoft Windows
Magnify.exe 4,156 K 14,916 K 17652 Microsoft Screen Magnifier Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 1,496 K 475,872 K 1864
Microsoft.Photos.exe Suspended 301,632 K 364,544 K 18120 (No signature was present in the subject)
MicrosoftEdge.exe Suspended 24,272 K 49,896 K 5756 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 46,088 K 73,012 K 12764 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 5,652 K 23,712 K 14060 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 6,108 K 25,200 K 6032 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 6,052 K 24,996 K 17056 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
mqsvc.exe 4,792 K 3,656 K 2624 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
NASvc.exe 3,084 K 2,480 K 8328 NeroUpdate Nero AG (Verified) Nero AG
PCMaticRT.exe 1,972 K 10,404 K 11176 PC Matic Super Shield PC Pitstop (Verified) P.C. Pitstop LLC
pcmaticrt-setup_3.0.5.0.exe 4,136 K 1,708 K 7784 Install PC Matic Super Shield 0000                          PC Pitstop                                                  (Verified) P.C. Pitstop LLC
pcmaticrt-setup_3.0.5.0.tmp 13,668 K 2,640 K 6504 Setup/Uninstall (Verified) P.C. Pitstop LLC
PCPitstopScheduleService.exe 1,724 K 2,376 K 2448 PC Pitstop Scheduler Service PC Pitstop LLC (Verified) P.C. Pitstop LLC
Plex Tuner Service.exe 4,192 K 9,392 K 11912 Plex Tuner Service Plex (Verified) Plex
Plex Update Service.exe 2,304 K 2,032 K 4628 Plex Update Service Plex, Inc. (Verified) Plex
procexp.exe 3,120 K 10,436 K 15440 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVCpl64.exe 7,684 K 11,868 K 13796 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
realsched.exe 2,184 K 444 K 7352
Registry 2,232 K 38,336 K 96
RemindersServer.exe Suspended 12,780 K 31,980 K 1176 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,152 K 14,044 K 8980 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 12,604 K 36,416 K 4032 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,156 K 16,920 K 11364 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,220 K 15,280 K 2852 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,428 K 27,640 K 7236 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 20,628 K 44,080 K 15044 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,092 K 21,432 K 5280 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 64,456 K 59,916 K 4620 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 125,832 K 193,732 K 2876 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 3,828 K 7,728 K 4484 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 5,864 K 6,120 K 700 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sethc.exe 1,592 K 6,404 K 4104 Accessibility shortcut keys Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 14,924 K 10,720 K 11040 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 4,608 K 4,500 K 1640 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 43,248 K 94,700 K 8876 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 8,492 K 27,848 K 540 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 28,464 K 10,724 K 15836 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 504 K 436 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
sqlwriter.exe 2,312 K 2,728 K 6340 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 2,760 K 2,196 K 4744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,932 K 2,184 K 7508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,836 K 6,900 K 8828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,432 K 2,284 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,224 K 2,384 K 9280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,808 K 3,496 K 6224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,888 K 21,912 K 15868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,288 K 5,400 K 12668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 27,152 K 13,904 K 3052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,620 K 1,528 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,720 K 5,124 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,048 K 6,224 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,292 K 2,480 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,332 K 3,832 K 2032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,672 K 5,008 K 1952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,508 K 3,336 K 2384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,628 K 6,744 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 3,500 K 2336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,536 K 9,748 K 2716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,328 K 2,304 K 2940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,300 K 10,728 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,472 K 5,728 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,428 K 3,492 K 3648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,608 K 13,176 K 3524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,064 K 1,812 K 3632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,800 K 2,416 K 3588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,208 K 14,572 K 4128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,952 K 4,908 K 4440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,600 K 5,824 K 5608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,296 K 6,816 K 3560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,360 K 4,276 K 5232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 3,700 K 3664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,316 K 8,484 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,220 K 6,776 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,296 K 3,308 K 644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,836 K 2,096 K 1764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,204 K 4,208 K 1848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,448 K 4,640 K 3580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,140 K 6,104 K 7404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,736 K 12,144 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 5,216 K 1504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,720 K 4,088 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,728 K 14,480 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,896 K 4,244 K 3252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,952 K 14,392 K 2772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 21,880 K 30,032 K 3656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,084 K 7,236 K 3684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,812 K 6,032 K 616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,984 K 5,304 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,636 K 4,004 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,728 K 13,888 K 6884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,012 K 3,584 K 7332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,916 K 7,220 K 7528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,476 K 7,456 K 2888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,980 K 12,932 K 3624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,124 K 33,244 K 15864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 6,356 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 41,476 K 31,924 K 3544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,548 K 4,300 K 1856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,704 K 6,700 K 3616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,048 K 8,060 K 12260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,260 K 7,060 K 2100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,636 K 14,488 K 14504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,856 K 11,532 K 8080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,652 K 10,432 K 6480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SystemSettings.exe Suspended 19,136 K 45,636 K 1684 Settings Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,944 K 16,080 K 13036 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,536 K 2,612 K 8404 User Notification Service Intel Corporation (Verified) Intel Corporation
unsecapp.exe 2,252 K 8,276 K 10504 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 1,684 K 1,820 K 7500 Updater Service Acer Incorporated (Verified) Acer Incorporated
Video.UI.exe Suspended 16,300 K 31,476 K 9612 (No signature was present in the subject)
wininit.exe 1,576 K 3,044 K 620 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 1,956 K 7,204 K 2116 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,580 K 9,172 K 8872 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 31,996 K 61,928 K 18080 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe 2,480 K 8,788 K 18180 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 11,516 K 2,588 K 552 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2,332 K 2,036 K 4300 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2,584 K 3,140 K 2652 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,584 K 4,112 K 2224 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 8,680 K 21,344 K 17340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
FUFAXSTM.exe < 0.01 9,136 K 15,028 K 18360 Fax Transmission SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
FUFAXRCV.exe < 0.01 5,892 K 12,540 K 1560 Fax Reception SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
svchost.exe < 0.01 4,160 K 7,168 K 812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 21,240 K 26,264 K 18396 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 3,592 K 4,808 K 2132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 117,796 K 100,380 K 6096 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 23,300 K 29,056 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,120 K 6,120 K 2196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe < 0.01 10,940 K 14,868 K 4112 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 11,512 K 14,344 K 488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 16,608 K 11,192 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 52,040 K 51,876 K 6536 Google Chrome Google Inc. (Verified) Google Inc
EEventManager.exe < 0.01 2,796 K 10,696 K 336 EEventManager Application SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
chrome.exe 0.01 35,292 K 51,072 K 15696 Google Chrome Google Inc. (Verified) Google Inc
lsass.exe 0.01 18,124 K 15,492 K 712 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
cmcore.exe 0.01 28,880 K 5,060 K 2752 Cheetah Mobile,Inc. (Verified) Cheetah Mobile Inc.
spoolsv.exe 0.01 12,092 K 13,288 K 3276 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 34,276 K 46,496 K 16840 Google Chrome Google Inc. (Verified) Google Inc
CCleaner.exe 0.01 18,304 K 29,768 K 17252 CCleaner Piriform Ltd (Verified) Piriform Ltd
svchost.exe 0.01 7,124 K 11,632 K 4048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
E_YATIKDE.EXE 0.01 4,736 K 9,452 K 912 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
KHALMNPR.exe 0.02 4,244 K 11,084 K 17804 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
PCPitstopRTService.exe 0.02 244,532 K 15,084 K 3572 PC Matic Super Shield Service PC Pitstop (Verified) P.C. Pitstop LLC
dwm.exe 0.02 23,128 K 25,616 K 7668 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 3,384 K 4,428 K 4404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CiscoVideoGuardMonitor.exe 0.02 2,712 K 10,136 K 11236 CiscoVideoGuardMonitor Cisco (Verified) Cisco Video Technologies Israel Ltd.
AppleMobileDeviceService.exe 0.02 3,820 K 3,876 K 3516 MobileDeviceService Apple Inc. (Verified) Apple Inc.
LMS.exe 0.02 5,728 K 5,436 K 8060 Local Manageability Service Intel Corporation (Verified) Intel Corporation
chrome.exe 0.03 25,820 K 32,936 K 6880 Google Chrome Google Inc. (Verified) Google Inc
PlexScriptHost.exe 0.03 28,236 K 28,180 K 17244 Python Python Software Foundation (Verified) Plex
Magnify.exe 0.03 5,060 K 24,260 K 14988 Microsoft Screen Magnifier Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 118,632 K 161,040 K 18372 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.04 81,600 K 151,788 K 1144 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.09 66,460 K 88,880 K 14164 Google Chrome Google Inc. (Verified) Google Inc
SetPoint.exe 0.11 19,476 K 26,200 K 16808 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech Inc
svchost.exe 0.18 10,176 K 16,140 K 2520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.19 2,732 K 5,300 K 1404 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SpeechRuntime.exe 0.22 17,588 K 22,296 K 13224 Speech Runtime Executable Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.23 82,752 K 74,184 K 17600 Google Chrome Google Inc. (Verified) Google Inc
Plex DLNA Server.exe 0.39 783,332 K 239,720 K 13908 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex
audiodg.exe 0.53 10,200 K 16,204 K 4180 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
UninstallMonitor.exe 0.56 27,556 K 2,852 K 6820 UninstallerMonitor IObit (Verified) IObit Information Technology
dwm.exe 0.66 59,236 K 58,336 K 1236 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.92 99,520 K 101,164 K 1756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 0.94 8,416 K 15,932 K 10888 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
System 1.05 228 K 19,412 K 4
Interrupts 1.16 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 2.47 55,784 K 87,700 K 10388 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Plex Media Server.exe 7.57 74,804 K 67,076 K 10484 Plex Media Server Plex, Inc. (Verified) Plex
System Idle Process 82.33 52 K 8 K 0

  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 20,797 posts
  • MVP

Expect you are typing it wrong.

Copy the next line:

 

DISM  /Online  /Cleanup-Image  /RestoreHealth

 

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter

 

Once that runs copy the next line:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 

and paste it into an Elevated Command Prompt

and hit Enter.  This will give a few errors but it will clean out the event logs so that we only see new stuff.

 

Reboot and run vew again as before.


  • 0
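The `wevtutil cl` loop in the post above discards every existing event log entry, which on a machine being checked for malware is also the record of what happened before cleanup began. The following is an added example, not part of the original post: a batch file that performs the same clearing but uses `wevtutil cl`'s `/bu:` option to save each log to an `.evtx` file first. The archive folder name is an assumption made for this example, and the script must be run from an elevated Command Prompt.

```batch
@echo off
rem Added example (not from the original post): archive each event log
rem to an .evtx file, then clear it, in one pass.
setlocal EnableExtensions EnableDelayedExpansion

rem Hypothetical archive location chosen for this example.
set "ARCHIVE_DIR=%SystemDrive%\EventLogArchive"

rem Refuse to reuse a folder so an earlier archive is never overwritten.
if exist "%ARCHIVE_DIR%" (
    echo "%ARCHIVE_DIR%" already exists. Move it or pick another folder.
    exit /b 1
)
mkdir "%ARCHIVE_DIR%" || exit /b 1

set /a cleared=0
set /a skipped=0

rem "wevtutil el" prints one log name per line; delims= keeps the whole
rem line, including names that contain spaces.
for /f "usebackq delims=" %%i in (`wevtutil el`) do (
    set "name=%%i"
    rem Channel names such as Foo/Operational contain "/", which is not
    rem valid in a file name, so replace it for the archive file.
    set "file=!name:/=-!"
    rem /bu: writes the log to the given file before clearing it.
    wevtutil cl "!name!" /bu:"%ARCHIVE_DIR%\!file!.evtx" >nul 2>&1
    if errorlevel 1 (
        rem These are the logs the one-line version reports errors for.
        set /a skipped+=1
        echo SKIPPED: "!name!"
    ) else (
        set /a cleared+=1
    )
)

echo Cleared !cleared! logs, skipped !skipped!.
echo Archived copies are in "%ARCHIVE_DIR%".
endlocal
```

The saved `.evtx` files can be opened later in Event Viewer with "Open Saved Log" if the earlier history is needed.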

#14
dlwtechquest

    Member

  • Topic Starter
  • Member
  • 21 posts

Lines copied and pasted into command prompt, response text below...

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        96 N/A                                         
smss.exe                       376 N/A                                         
csrss.exe                      544 N/A                                         
wininit.exe                    620 N/A                                         
services.exe                   700 N/A                                         
lsass.exe                      712 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                892 N/A                                         
svchost.exe                    928 PlugPlay                                    
svchost.exe                   1000 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    488 RpcEptMapper, RpcSs                         
svchost.exe                    616 LSM                                         
svchost.exe                   1212 TermService                                 
svchost.exe                   1296 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1328 NcbService                                  
svchost.exe                   1456 Schedule                                    
svchost.exe                   1464 EventLog                                    
svchost.exe                   1504 TimeBrokerSvc                               
svchost.exe                   1512 ProfSvc                                     
svchost.exe                   1540 hidserv                                     
svchost.exe                   1660 UserManager                                 
svchost.exe                   1756 SysMain                                     
svchost.exe                   1764 Themes                                      
svchost.exe                   1848 nsi                                         
svchost.exe                   1856 EventSystem                                 
Memory Compression            1864 N/A                                         
svchost.exe                   1952 SENS                                        
svchost.exe                   2008 lfsvc                                       
svchost.exe                   2032 AudioEndpointBuilder                        
svchost.exe                   2028 Dhcp                                        
svchost.exe                   2000 FontCache                                   
svchost.exe                   2100 NlaSvc                                      
svchost.exe                   2132 Dnscache                                    
svchost.exe                   2196 netprofm                                    
svchost.exe                   2336 LanmanWorkstation                           
svchost.exe                   2384 SessionEnv                                  
svchost.exe                   2716 Audiosrv                                    
svchost.exe                   2772 StateRepository                             
svchost.exe                   2940 DusmSvc                                     
svchost.exe                   2952 Wcmsvc                                      
svchost.exe                   1044 WlanSvc                                     
svchost.exe                   2520 Winmgmt                                     
cmcore.exe                    2752 cmcore                                      
svchost.exe                   2888 ShellHWDetection                            
spoolsv.exe                   3276 Spooler                                     
AppleMobileDeviceService.     3516 Apple Mobile Device Service                 
svchost.exe                   3524 CryptSvc                                    
escsvc64.exe                  3532 EpsonScanSvc                                
svchost.exe                   3544 DPS                                         
svchost.exe                   3560 iphlpsvc                                    
svchost.exe                   3580 FDResPub                                    
svchost.exe                   3588 TrkWks                                      
svchost.exe                   3616 stisvc                                      
svchost.exe                   3624 WpnService                                  
svchost.exe                   3632 SstpSvc                                     
svchost.exe                   3648 AppHostSvc                                  
svchost.exe                   3656 DiagTrack                                   
svchost.exe                   3664 DeviceAssociationService                    
EPCP.exe                      3948 EpsonCustomerResearchParticipation          
svchost.exe                   3252 LanmanServer                                
mqsvc.exe                     2624 MSMQ                                        
WUDFHost.exe                  2652 N/A                                         
dasHost.exe                   4112 N/A                                         
svchost.exe                   4128 WdiServiceHost                              
WUDFHost.exe                  4300 N/A                                         
svchost.exe                   4404 SSDPSRV                                     
svchost.exe                   4440 RasMan                                      
SecurityHealthService.exe     4484 SecurityHealthService                       
SearchIndexer.exe             4620 WSearch                                     
Plex Update Service.exe       4628 PlexUpdateService                           
PCPitstopScheduleService.     2448 PCPitstop Scheduling                        
svchost.exe                   5232 PolicyAgent                                 
svchost.exe                   6884 TokenBroker                                 
wmpnetwk.exe                   552 WMPNetworkSvc                               
svchost.exe                    644 TabletInputService                          
svchost.exe                   6480 CDPSvc                                      
GoogleCrashHandler.exe        7052 N/A                                         
GoogleCrashHandler64.exe      4656 N/A                                         
svchost.exe                   2552 LicenseManager                              
svchost.exe                    812 upnphost                                    
svchost.exe                   3684 PcaSvc                                      
svchost.exe                   7332 Appinfo                                     
armsvc.exe                    8052 AdobeARMservice                             
svchost.exe                   8080 BITS                                        
svchost.exe                   3052 UsoSvc                                      
svchost.exe                   4048 DoSvc                                       
svchost.exe                   4744 RmSvc                                       
UpdaterService.exe            7500 Live Updater Service                        
LMS.exe                       8060 LMS                                         
SgrmBroker.exe                1640 SgrmBroker                                  
sqlwriter.exe                 6340 SQLWriter                                   
svchost.exe                   7404 wscsvc                                      
svchost.exe                   7508 Netman                                      
NASvc.exe                     8328 NAUpdate                                    
UNS.exe                       8404 UNS                                         
svchost.exe                   8828 StorSvc                                     
pcmaticrt-setup_3.0.5.0.e     7784 N/A                                         
pcmaticrt-setup_3.0.5.0.t     6504 N/A                                         
PCPitstopRTService.exe        3572 PCPitstop Realtime                          
svchost.exe                   5032 SensorService                               
svchost.exe                   9280 DsSvc                                       
svchost.exe                   6224 BthAvctpSvc                                 
svchost.exe                  14504 wlidsvc                                     
csrss.exe                     2224 N/A                                         
winlogon.exe                  2116 N/A                                         
fontdrvhost.exe              16584 N/A                                         
dwm.exe                       7668 N/A                                         
LogonUI.exe                  12560 N/A                                         
sethc.exe                     4104 N/A                                         
Magnify.exe                  17652 N/A                                         
csrss.exe                     1404 N/A                                         
winlogon.exe                  8872 N/A                                         
fontdrvhost.exe              11036 N/A                                         
dwm.exe                       1236 N/A                                         
svchost.exe                   7528 WinHttpAutoProxySvc                         
svchost.exe                  17340 CDPUserSvc_221b2386                         
svchost.exe                  15864 WpnUserService_221b2386                     
svchost.exe                    500 lmhosts                                     
sihost.exe                     540 N/A                                         
taskhostw.exe                13036 N/A                                         
svchost.exe                  12260 NcdAutoSetup                                
SettingSyncHost.exe          11040 N/A                                         
explorer.exe                  1144 N/A                                         
ctfmon.exe                   15244 N/A                                         
SkypeHost.exe                15836 N/A                                         
svchost.exe                  15868 OneSyncSvc_221b2386,                        
                                   PimIndexMaintenanceSvc_221b2386,            
                                   UnistoreSvc_221b2386, UserDataSvc_221b2386  
RAVCpl64.exe                 13796 N/A                                         
SetPoint.exe                 16808 N/A                                         
igfxtray.exe                  4472 N/A                                         
hkcmd.exe                     2176 N/A                                         
igfxpers.exe                 11260 N/A                                         
Plex Media Server.exe        10484 N/A                                         
E_YATIKDE.EXE                  912 N/A                                         
KHALMNPR.exe                 17804 N/A                                         
CiscoVideoGuardMonitor.ex    11236 N/A                                         
FUFAXRCV.exe                  1560 N/A                                         
FUFAXSTM.exe                 18360 N/A                                         
EEventManager.exe              336 N/A                                         
CCleaner.exe                 17252 N/A                                         
realsched.exe                 7352 N/A                                         
PlexScriptHost.exe           17244 N/A                                         
PCMaticRT.exe                11176 N/A                                         
conhost.exe                   4916 N/A                                         
Plex DLNA Server.exe         13908 N/A                                         
Plex Tuner Service.exe       11912 N/A                                         
conhost.exe                   4568 N/A                                         
WmiPrvSE.exe                 10888 N/A                                         
Microsoft.Photos.exe         18120 N/A                                         
unsecapp.exe                 10504 N/A                                         
RuntimeBroker.exe            15044 N/A                                         
RuntimeBroker.exe             2852 N/A                                         
RuntimeBroker.exe             7236 N/A                                         
ShellExperienceHost.exe       8876 N/A                                         
RuntimeBroker.exe             5280 N/A                                         
SearchUI.exe                  2876 N/A                                         
RuntimeBroker.exe             4032 N/A                                         
ApplicationFrameHost.exe     15416 N/A                                         
SpeechRuntime.exe            13224 N/A                                         
audiodg.exe                   4180 N/A                                         
RemindersServer.exe           1176 N/A                                         
UninstallMonitor.exe          6820 N/A                                         
svchost.exe                  12668 seclogon                                    
chrome.exe                   18372 N/A                                         
chrome.exe                    7848 N/A                                         
chrome.exe                   15500 N/A                                         
chrome.exe                    6096 N/A                                         
chrome.exe                   18396 N/A                                         
chrome.exe                    3268 N/A                                         
chrome.exe                   14164 N/A                                         
chrome.exe                    8868 N/A                                         
chrome.exe                    6880 N/A                                         
chrome.exe                   16840 N/A                                         
chrome.exe                   17600 N/A                                         
chrome.exe                   16328 N/A                                         
chrome.exe                    5244 N/A                                         
chrome.exe                   11704 N/A                                         
chrome.exe                    8760 N/A                                         
chrome.exe                   15948 N/A                                         
chrome.exe                   15544 N/A                                         
chrome.exe                   17380 N/A                                         
chrome.exe                    9884 N/A                                         
chrome.exe                    6668 N/A                                         
chrome.exe                   12636 N/A                                         
chrome.exe                     804 N/A                                         
chrome.exe                   16516 N/A                                         
chrome.exe                   15696 N/A                                         
chrome.exe                   11160 N/A                                         
chrome.exe                    6536 N/A                                         
dllhost.exe                   5200 N/A                                         
dllhost.exe                   7540 N/A                                         
WinStore.App.exe             18080 N/A                                         
RuntimeBroker.exe             8980 N/A                                         
MicrosoftEdge.exe             5756 N/A                                         
browser_broker.exe            9840 N/A                                         
RuntimeBroker.exe            11364 N/A                                         
MicrosoftEdgeCP.exe          12764 N/A                                         
MicrosoftEdgeCP.exe          14060 N/A                                         
MicrosoftEdgeCP.exe           6032 N/A                                         
MicrosoftEdgeCP.exe          17056 N/A                                         
Video.UI.exe                  9612 N/A                                         
SystemSettings.exe            1684 N/A                                         
chrome.exe                   12100 N/A                                         
svchost.exe                   5608 WdiSystemHost                               
Magnify.exe                  14988 N/A                                         
WmiPrvSE.exe                 18180 N/A                                         
smartscreen.exe               3928 N/A                                         
notepad.exe                  15788 N/A                                         
PlexScriptHost.exe           17376 N/A                                         
conhost.exe                  15184 N/A                                         
PlexScriptHost.exe            4228 N/A                                         
conhost.exe                   6036 N/A                                         
svchost.exe                    276 ClipSVC                                     
svchost.exe                  13624 camsvc                                      
svchost.exe                  11980 AppXSvc                                     
backgroundTaskHost.exe        8756 N/A                                         
WmiPrvSE.exe                 12756 N/A                                         
SearchProtocolHost.exe       16448 N/A                                         
SearchFilterHost.exe         16344 N/A                                         
dllhost.exe                  15924 N/A                                         
dllhost.exe                   7612 N/A                                         
cmd.exe                      16436 N/A                                         
conhost.exe                  17548 N/A                                         
tasklist.exe                 17844 N/A                                         

  • 0

#15
dlwtechquest

    Member

  • Topic Starter
  • Member
  • 21 posts

Lines copied and pasted into command prompt, response text below...

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        96 N/A                                         
smss.exe                       376 N/A                                         
csrss.exe                      544 N/A                                         
wininit.exe                    620 N/A                                         
services.exe                   700 N/A                                         
lsass.exe                      712 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                892 N/A                                         
svchost.exe                    928 PlugPlay                                    
svchost.exe                   1000 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    488 RpcEptMapper, RpcSs                         
svchost.exe                    616 LSM                                         
svchost.exe                   1212 TermService                                 
svchost.exe                   1296 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1328 NcbService                                  
svchost.exe                   1456 Schedule                                    
svchost.exe                   1464 EventLog                                    
svchost.exe                   1504 TimeBrokerSvc                               
svchost.exe                   1512 ProfSvc                                     
svchost.exe                   1540 hidserv                                     
svchost.exe                   1660 UserManager                                 
svchost.exe                   1756 SysMain                                     
svchost.exe                   1764 Themes                                      
svchost.exe                   1848 nsi                                         
svchost.exe                   1856 EventSystem                                 
Memory Compression            1864 N/A                                         
svchost.exe                   1952 SENS                                        
svchost.exe                   2008 lfsvc                                       
svchost.exe                   2032 AudioEndpointBuilder                        
svchost.exe                   2028 Dhcp                                        
svchost.exe                   2000 FontCache                                   
svchost.exe                   2100 NlaSvc                                      
svchost.exe                   2132 Dnscache                                    
svchost.exe                   2196 netprofm                                    
svchost.exe                   2336 LanmanWorkstation                           
svchost.exe                   2384 SessionEnv                                  
svchost.exe                   2716 Audiosrv                                    
svchost.exe                   2772 StateRepository                             
svchost.exe                   2940 DusmSvc                                     
svchost.exe                   2952 Wcmsvc                                      
svchost.exe                   1044 WlanSvc                                     
svchost.exe                   2520 Winmgmt                                     
cmcore.exe                    2752 cmcore                                      
svchost.exe                   2888 ShellHWDetection                            
spoolsv.exe                   3276 Spooler                                     
AppleMobileDeviceService.     3516 Apple Mobile Device Service                 
svchost.exe                   3524 CryptSvc                                    
escsvc64.exe                  3532 EpsonScanSvc                                
svchost.exe                   3544 DPS                                         
svchost.exe                   3560 iphlpsvc                                    
svchost.exe                   3580 FDResPub                                    
svchost.exe                   3588 TrkWks                                      
svchost.exe                   3616 stisvc                                      
svchost.exe                   3624 WpnService                                  
svchost.exe                   3632 SstpSvc                                     
svchost.exe                   3648 AppHostSvc                                  
svchost.exe                   3656 DiagTrack                                   
svchost.exe                   3664 DeviceAssociationService                    
EPCP.exe                      3948 EpsonCustomerResearchParticipation          
svchost.exe                   3252 LanmanServer                                
mqsvc.exe                     2624 MSMQ                                        
WUDFHost.exe                  2652 N/A                                         
dasHost.exe                   4112 N/A                                         
svchost.exe                   4128 WdiServiceHost                              
WUDFHost.exe                  4300 N/A                                         
svchost.exe                   4404 SSDPSRV                                     
svchost.exe                   4440 RasMan                                      
SecurityHealthService.exe     4484 SecurityHealthService                       
SearchIndexer.exe             4620 WSearch                                     
Plex Update Service.exe       4628 PlexUpdateService                           
PCPitstopScheduleService.     2448 PCPitstop Scheduling                        
svchost.exe                   5232 PolicyAgent                                 
svchost.exe                   6884 TokenBroker                                 
wmpnetwk.exe                   552 WMPNetworkSvc                               
svchost.exe                    644 TabletInputService                          
svchost.exe                   6480 CDPSvc                                      
GoogleCrashHandler.exe        7052 N/A                                         
GoogleCrashHandler64.exe      4656 N/A                                         
svchost.exe                   2552 LicenseManager                              
svchost.exe                    812 upnphost                                    
svchost.exe                   3684 PcaSvc                                      
svchost.exe                   7332 Appinfo                                     
armsvc.exe                    8052 AdobeARMservice                             
svchost.exe                   8080 BITS                                        
svchost.exe                   3052 UsoSvc                                      
svchost.exe                   4048 DoSvc                                       
svchost.exe                   4744 RmSvc                                       
UpdaterService.exe            7500 Live Updater Service                        
LMS.exe                       8060 LMS                                         
SgrmBroker.exe                1640 SgrmBroker                                  
sqlwriter.exe                 6340 SQLWriter                                   
svchost.exe                   7404 wscsvc                                      
svchost.exe                   7508 Netman                                      
NASvc.exe                     8328 NAUpdate                                    
UNS.exe                       8404 UNS                                         
svchost.exe                   8828 StorSvc                                     
pcmaticrt-setup_3.0.5.0.e     7784 N/A                                         
pcmaticrt-setup_3.0.5.0.t     6504 N/A                                         
PCPitstopRTService.exe        3572 PCPitstop Realtime                          
svchost.exe                   5032 SensorService                               
svchost.exe                   9280 DsSvc                                       
svchost.exe                   6224 BthAvctpSvc                                 
svchost.exe                  14504 wlidsvc                                     
csrss.exe                     2224 N/A                                         
winlogon.exe                  2116 N/A                                         
fontdrvhost.exe              16584 N/A                                         
dwm.exe                       7668 N/A                                         
LogonUI.exe                  12560 N/A                                         
sethc.exe                     4104 N/A                                         
Magnify.exe                  17652 N/A                                         
csrss.exe                     1404 N/A                                         
winlogon.exe                  8872 N/A                                         
fontdrvhost.exe              11036 N/A                                         
dwm.exe                       1236 N/A                                         
svchost.exe                   7528 WinHttpAutoProxySvc                         
svchost.exe                  17340 CDPUserSvc_221b2386                         
svchost.exe                  15864 WpnUserService_221b2386                     
svchost.exe                    500 lmhosts                                     
sihost.exe                     540 N/A                                         
taskhostw.exe                13036 N/A                                         
svchost.exe                  12260 NcdAutoSetup                                
SettingSyncHost.exe          11040 N/A                                         
explorer.exe                  1144 N/A                                         
ctfmon.exe                   15244 N/A                                         
SkypeHost.exe                15836 N/A                                         
svchost.exe                  15868 OneSyncSvc_221b2386,                        
                                   PimIndexMaintenanceSvc_221b2386,            
                                   UnistoreSvc_221b2386, UserDataSvc_221b2386  
RAVCpl64.exe                 13796 N/A                                         
SetPoint.exe                 16808 N/A                                         
igfxtray.exe                  4472 N/A                                         
hkcmd.exe                     2176 N/A                                         
igfxpers.exe                 11260 N/A                                         
Plex Media Server.exe        10484 N/A                                         
E_YATIKDE.EXE                  912 N/A                                         
KHALMNPR.exe                 17804 N/A                                         
CiscoVideoGuardMonitor.ex    11236 N/A                                         
FUFAXRCV.exe                  1560 N/A                                         
FUFAXSTM.exe                 18360 N/A                                         
EEventManager.exe              336 N/A                                         
CCleaner.exe                 17252 N/A                                         
realsched.exe                 7352 N/A                                         
PlexScriptHost.exe           17244 N/A                                         
PCMaticRT.exe                11176 N/A                                         
conhost.exe                   4916 N/A                                         
Plex DLNA Server.exe         13908 N/A                                         
Plex Tuner Service.exe       11912 N/A                                         
conhost.exe                   4568 N/A                                         
WmiPrvSE.exe                 10888 N/A                                         
Microsoft.Photos.exe         18120 N/A                                         
unsecapp.exe                 10504 N/A                                         
RuntimeBroker.exe            15044 N/A                                         
RuntimeBroker.exe             2852 N/A                                         
RuntimeBroker.exe             7236 N/A                                         
ShellExperienceHost.exe       8876 N/A                                         
RuntimeBroker.exe             5280 N/A                                         
SearchUI.exe                  2876 N/A                                         
RuntimeBroker.exe             4032 N/A                                         
ApplicationFrameHost.exe     15416 N/A                                         
SpeechRuntime.exe            13224 N/A                                         
audiodg.exe                   4180 N/A                                         
RemindersServer.exe           1176 N/A                                         
UninstallMonitor.exe          6820 N/A                                         
svchost.exe                  12668 seclogon                                    
chrome.exe                   18372 N/A                                         
chrome.exe                    7848 N/A                                         
chrome.exe                   15500 N/A                                         
chrome.exe                    6096 N/A                                         
chrome.exe                   18396 N/A                                         
chrome.exe                    3268 N/A                                         
chrome.exe                   14164 N/A                                         
chrome.exe                    8868 N/A                                         
chrome.exe                    6880 N/A                                         
chrome.exe                   16840 N/A                                         
chrome.exe                   17600 N/A                                         
chrome.exe                   16328 N/A                                         
chrome.exe                    5244 N/A                                         
chrome.exe                   11704 N/A                                         
chrome.exe                    8760 N/A                                         
chrome.exe                   15948 N/A                                         
chrome.exe                   15544 N/A                                         
chrome.exe                   17380 N/A                                         
chrome.exe                    9884 N/A                                         
chrome.exe                    6668 N/A                                         
chrome.exe                   12636 N/A                                         
chrome.exe                     804 N/A                                         
chrome.exe                   16516 N/A                                         
chrome.exe                   15696 N/A                                         
chrome.exe                   11160 N/A                                         
chrome.exe                    6536 N/A                                         
dllhost.exe                   5200 N/A                                         
dllhost.exe                   7540 N/A                                         
WinStore.App.exe             18080 N/A                                         
RuntimeBroker.exe             8980 N/A                                         
MicrosoftEdge.exe             5756 N/A                                         
browser_broker.exe            9840 N/A                                         
RuntimeBroker.exe            11364 N/A                                         
MicrosoftEdgeCP.exe          12764 N/A                                         
MicrosoftEdgeCP.exe          14060 N/A                                         
MicrosoftEdgeCP.exe           6032 N/A                                         
MicrosoftEdgeCP.exe          17056 N/A                                         
Video.UI.exe                  9612 N/A                                         
SystemSettings.exe            1684 N/A                                         
chrome.exe                   12100 N/A                                         
svchost.exe                   5608 WdiSystemHost                               
Magnify.exe                  14988 N/A                                         
WmiPrvSE.exe                 18180 N/A                                         
smartscreen.exe               3928 N/A                                         
notepad.exe                  15788 N/A                                         
PlexScriptHost.exe           17376 N/A                                         
conhost.exe                  15184 N/A                                         
PlexScriptHost.exe            4228 N/A                                         
conhost.exe                   6036 N/A                                         
svchost.exe                    276 ClipSVC                                     
svchost.exe                  13624 camsvc                                      
svchost.exe                  11980 AppXSvc                                     
backgroundTaskHost.exe        8756 N/A                                         
WmiPrvSE.exe                 12756 N/A                                         
SearchProtocolHost.exe       16448 N/A                                         
SearchFilterHost.exe         16344 N/A                                         
dllhost.exe                  15924 N/A                                         
dllhost.exe                   7612 N/A                                         
cmd.exe                      16436 N/A                                         
conhost.exe                  17548 N/A                                         
tasklist.exe                 17844 N/A                                         
