CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\LLL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\LLL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\LLL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
Task: {039ABA00-57DA-4761-A04D-AD01686B7685} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {03D92C6F-D605-4435-8866-4D375A9F8FF0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {0AC784CA-5281-4D60-A7D3-0E9669C7FE30} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16FF5BC9-CD70-48D1-8F88-918E18BEEC50} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {18864602-9738-4E80-9503-9E9A3E944583} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {20459325-8288-4600-A859-57A729B10639} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {250D979C-45E9-40E4-AEAB-7F134E3BD276} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {252D2683-502D-44D1-A9C9-F90536C1ADBC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2726C61E-B7B1-4E1D-88FB-782F82996DD4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30024D36-BBFE-4101-B586-B82E067EEC72} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {33107A4C-3CBA-46DE-A7E0-211BB02EDDD4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {381EE865-0C82-4A24-9E60-93F4F840C286} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3AC81AEB-7990-4A29-BF14-3FC3B7ED8776} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3FEF6227-59FB-46C0-BEB4-A7C7A6299766} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5AB46827-5C13-41E6-9F11-6EF0814AA320} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5FBD738D-5140-4141-A7C1-3A37223B576C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {60C94DED-B2A0-46AD-B398-F1AFDBE4A4E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63C69C90-6B7E-4530-8183-8B85AC97A8EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {651DA00B-0950-4569-8632-D247100895F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {702A0C1F-41CA-431B-B49C-F83CF1E3745F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BDA1525-460C-4F45-9F41-EEC19FF5FA24} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84A85731-5633-4BFD-83E3-1650DE2E81FC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E3D799-2FB7-4307-AC09-97EEE34CE335} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9834EEBE-8451-4AE1-9CCD-4D4215CF12E3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9DBB73E5-82E0-4F25-AF06-784B24FF8344} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A78E3C81-1FFE-4852-BF5C-1652CB639065} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B1FD981C-5670-48FE-916D-117FC58B91D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B399E9B2-F2AA-4879-BAB8-AB9C5EC7528B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1D14F78-B43D-4F3A-913B-6CBF817BE5AB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C2D08D2C-FD36-4086-917B-7024B25A634D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8B830AE-55AC-4AC4-8BD3-16CFCAE49EE0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE1100E6-8CEC-447B-8BEE-40E59FA147FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E0F72171-4EF7-456B-81ED-B1B4370003FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)
Task: {EBCBC720-AA13-4BA5-AB45-6AD186849D24} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE255615-5D5F-4CB4-8F1C-9E664EC08B23} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EE3F7FFB-636E-46BB-9DF8-DA4E92C5813D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F589D600-1761-48B1-8ABC-3FA1743F1DE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik => key not found.
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key not found.
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found.
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{039ABA00-57DA-4761-A04D-AD01686B7685} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039ABA00-57DA-4761-A04D-AD01686B7685} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03D92C6F-D605-4435-8866-4D375A9F8FF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03D92C6F-D605-4435-8866-4D375A9F8FF0} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC784CA-5281-4D60-A7D3-0E9669C7FE30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC784CA-5281-4D60-A7D3-0E9669C7FE30} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16FF5BC9-CD70-48D1-8F88-918E18BEEC50} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16FF5BC9-CD70-48D1-8F88-918E18BEEC50} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18864602-9738-4E80-9503-9E9A3E944583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18864602-9738-4E80-9503-9E9A3E944583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20459325-8288-4600-A859-57A729B10639} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20459325-8288-4600-A859-57A729B10639} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{250D979C-45E9-40E4-AEAB-7F134E3BD276} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250D979C-45E9-40E4-AEAB-7F134E3BD276} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{252D2683-502D-44D1-A9C9-F90536C1ADBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{252D2683-502D-44D1-A9C9-F90536C1ADBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2726C61E-B7B1-4E1D-88FB-782F82996DD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2726C61E-B7B1-4E1D-88FB-782F82996DD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30024D36-BBFE-4101-B586-B82E067EEC72} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30024D36-BBFE-4101-B586-B82E067EEC72} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33107A4C-3CBA-46DE-A7E0-211BB02EDDD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33107A4C-3CBA-46DE-A7E0-211BB02EDDD4} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{381EE865-0C82-4A24-9E60-93F4F840C286} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{381EE865-0C82-4A24-9E60-93F4F840C286} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AC81AEB-7990-4A29-BF14-3FC3B7ED8776} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC81AEB-7990-4A29-BF14-3FC3B7ED8776} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FEF6227-59FB-46C0-BEB4-A7C7A6299766} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FEF6227-59FB-46C0-BEB4-A7C7A6299766} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AB46827-5C13-41E6-9F11-6EF0814AA320} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AB46827-5C13-41E6-9F11-6EF0814AA320} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FBD738D-5140-4141-A7C1-3A37223B576C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBD738D-5140-4141-A7C1-3A37223B576C} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60C94DED-B2A0-46AD-B398-F1AFDBE4A4E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C94DED-B2A0-46AD-B398-F1AFDBE4A4E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63C69C90-6B7E-4530-8183-8B85AC97A8EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63C69C90-6B7E-4530-8183-8B85AC97A8EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{651DA00B-0950-4569-8632-D247100895F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{651DA00B-0950-4569-8632-D247100895F7} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{702A0C1F-41CA-431B-B49C-F83CF1E3745F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{702A0C1F-41CA-431B-B49C-F83CF1E3745F} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BDA1525-460C-4F45-9F41-EEC19FF5FA24} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BDA1525-460C-4F45-9F41-EEC19FF5FA24} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84A85731-5633-4BFD-83E3-1650DE2E81FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84A85731-5633-4BFD-83E3-1650DE2E81FC} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87E3D799-2FB7-4307-AC09-97EEE34CE335} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87E3D799-2FB7-4307-AC09-97EEE34CE335} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9834EEBE-8451-4AE1-9CCD-4D4215CF12E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9834EEBE-8451-4AE1-9CCD-4D4215CF12E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DBB73E5-82E0-4F25-AF06-784B24FF8344} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DBB73E5-82E0-4F25-AF06-784B24FF8344} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A78E3C81-1FFE-4852-BF5C-1652CB639065} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A78E3C81-1FFE-4852-BF5C-1652CB639065} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1FD981C-5670-48FE-916D-117FC58B91D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1FD981C-5670-48FE-916D-117FC58B91D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B399E9B2-F2AA-4879-BAB8-AB9C5EC7528B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B399E9B2-F2AA-4879-BAB8-AB9C5EC7528B} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1D14F78-B43D-4F3A-913B-6CBF817BE5AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1D14F78-B43D-4F3A-913B-6CBF817BE5AB} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2D08D2C-FD36-4086-917B-7024B25A634D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2D08D2C-FD36-4086-917B-7024B25A634D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8B830AE-55AC-4AC4-8BD3-16CFCAE49EE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8B830AE-55AC-4AC4-8BD3-16CFCAE49EE0} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE1100E6-8CEC-447B-8BEE-40E59FA147FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE1100E6-8CEC-447B-8BEE-40E59FA147FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F72171-4EF7-456B-81ED-B1B4370003FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F72171-4EF7-456B-81ED-B1B4370003FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBCBC720-AA13-4BA5-AB45-6AD186849D24} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBCBC720-AA13-4BA5-AB45-6AD186849D24} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE255615-5D5F-4CB4-8F1C-9E664EC08B23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE255615-5D5F-4CB4-8F1C-9E664EC08B23} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE3F7FFB-636E-46BB-9DF8-DA4E92C5813D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE3F7FFB-636E-46BB-9DF8-DA4E92C5813D} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F589D600-1761-48B1-8ABC-3FA1743F1DE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F589D600-1761-48B1-8ABC-3FA1743F1DE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
The system needed a reboot.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by LLL (administrator) on LLL-US (29-06-2017 20:40:32)
Running from C:\Users\LLL\Downloads
Loaded Profiles: LLL (Available Profiles: LLL & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast2017\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast2017\AvastUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast2017\x64\aswidsagenta.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-13] (Hewlett-Packard )
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast2017\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2015-09-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2015-09-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2017-03-01] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2017-03-01] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-29] (COMODO)
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-20] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast2017\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast2017\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-10-07]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254
Tcpip\..\Interfaces\{a9019369-dca6-482f-b6bd-e95ee6c8b908}: [DhcpNameServer] 192.168.3.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {815BDD98-12E6-49EC-9F07-0D457FAE7A95} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {815BDD98-12E6-49EC-9F07-0D457FAE7A95} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000 -> {815BDD98-12E6-49EC-9F07-0D457FAE7A95} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-17] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000 -> hxxp://www.google.com/
FireFox:
========
FF DefaultProfile: i2n9o37w.default
FF ProfilePath: C:\Users\LLL\AppData\Roaming\Mozilla\Firefox\Profiles\i2n9o37w.default [2017-06-29]
FF Homepage: Mozilla\Firefox\Profiles\i2n9o37w.default -> hxxps://www.google.com/?gws_rd=ssl
about:home
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-08] [not signed]
FF HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Slides) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-29]
CHR Extension: (Google Drive) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Cookies On-Off) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-29]
CHR Extension: (Google Sheets) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\LLL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-12-15] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast2017\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast2017\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2017-03-01] (Brother Industries, Ltd.) [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-11] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-29] (COMODO)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2015-09-12] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2017-03-30] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831504 2017-03-30] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-03-30] (COMODO)
R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2015-12-06] (EldoS Corporation)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-06-29] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-29 20:31 - 2017-06-29 20:34 - 00025878 _____ C:\Users\LLL\Downloads\Fixlog.txt
2017-06-29 20:31 - 2017-06-29 20:31 - 00000000 ____D C:\Users\LLL\AppData\Local\DBG
2017-06-29 18:12 - 2017-06-29 18:12 - 00063484 _____ C:\Users\LLL\Downloads\Addition.txt
2017-06-29 18:11 - 2017-06-29 20:40 - 00045523 _____ C:\Users\LLL\Downloads\FRST.txt
2017-06-29 18:10 - 2017-06-29 18:10 - 00001020 _____ C:\Users\LLL\Desktop\FRST64.exe - Shortcut.lnk
2017-06-29 18:09 - 2017-06-29 20:40 - 00000000 ____D C:\FRST
2017-06-29 18:08 - 2017-06-29 18:08 - 02440704 _____ (Farbar) C:\Users\LLL\Downloads\FRST64.exe
2017-06-23 17:16 - 2017-06-23 17:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-21 11:29 - 2017-06-21 11:29 - 01051447 _____ C:\Users\LLL\Downloads\Heidi orig offer 2017.pdf
2017-06-21 11:16 - 2017-06-21 11:16 - 01096337 _____ C:\Users\LLL\Downloads\counter_offer Heidi 2017.pdf
2017-06-15 16:51 - 2017-06-15 16:51 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-15 16:51 - 2017-06-15 16:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-15 16:51 - 2017-06-15 16:51 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-15 16:51 - 2017-06-15 16:51 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-15 16:51 - 2017-06-15 16:51 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-15 16:51 - 2017-06-15 16:51 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-15 16:51 - 2017-06-15 16:51 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-15 16:51 - 2017-06-15 16:51 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-15 16:51 - 2017-06-15 16:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-15 16:51 - 2017-06-15 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-15 16:51 - 2017-06-15 16:51 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-15 16:51 - 2017-06-15 16:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-15 16:51 - 2017-06-15 16:51 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-15 16:47 - 2017-06-15 16:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-15 16:47 - 2017-06-15 13:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\Program Files\MSBuild
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-15 16:45 - 2017-06-15 16:45 - 00000000 ____D C:\inetpub
2017-06-15 16:44 - 2017-06-15 16:44 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-15 16:44 - 2017-02-10 14:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-15 16:44 - 2017-02-10 14:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-15 16:44 - 2017-02-10 14:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-15 16:44 - 2017-02-10 14:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-15 16:44 - 2017-02-10 14:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-15 16:44 - 2017-02-10 14:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-15 14:25 - 2017-06-15 14:25 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-15 14:25 - 2014-01-05 07:42 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-06-15 14:25 - 2014-01-05 07:42 - 01703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-06-15 14:23 - 2017-06-15 14:23 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-15 14:22 - 2017-06-15 14:22 - 00000020 ___SH C:\Users\LLL\ntuser.ini
2017-06-15 14:21 - 2017-06-15 14:21 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-15 14:19 - 2017-06-15 14:20 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-15 14:19 - 2017-06-15 14:20 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-15 14:14 - 2017-06-29 20:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 14:14 - 2017-06-26 06:28 - 00003222 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLLL
2017-06-15 14:14 - 2017-06-15 14:14 - 00003352 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458737776
2017-06-15 14:14 - 2017-06-15 14:14 - 00002978 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-15 14:14 - 2017-06-15 14:14 - 00002950 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-15 14:14 - 2017-06-15 14:14 - 00002536 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2017-06-15 14:14 - 2017-06-15 14:14 - 00002536 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2017-06-15 14:14 - 2017-06-15 14:14 - 00002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-06-15 14:14 - 2017-06-15 14:14 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-15 14:14 - 2017-06-15 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-15 14:14 - 2017-06-15 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-15 14:14 - 2017-06-15 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-06-15 14:14 - 2017-06-15 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-06-15 14:14 - 2017-06-15 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-06-15 14:14 - 2016-12-20 21:10 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2017-06-15 14:14 - 2016-05-04 09:47 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C2AD642-28AB-4843-B98F-95C207EFE7DE}
2017-06-15 14:14 - 2015-02-06 20:46 - 00003270 _____ C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-1157495261-2858398881-3313968452-1000
2017-06-15 14:06 - 2017-06-15 14:06 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-15 14:06 - 2017-06-15 14:06 - 00000000 ____D C:\ProgramData\USOShared
2017-06-15 14:01 - 2017-06-15 14:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-15 14:01 - 2017-06-15 14:01 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-06-15 13:59 - 2017-06-28 10:53 - 00000000 ____D C:\Users\LLL
2017-06-15 13:59 - 2017-06-23 17:16 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\LLL\My Documents
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\LLL\Documents\My Videos
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\LLL\Documents\My Pictures
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\LLL\Documents\My Music
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-06-15 13:59 - 2017-06-15 13:59 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-06-15 13:58 - 2017-06-29 17:20 - 01055170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 13:58 - 2017-06-15 13:58 - 00975864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-15 13:57 - 2017-06-15 14:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-15 13:57 - 2017-06-15 13:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-15 13:57 - 2017-06-15 13:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-15 13:57 - 2017-03-18 15:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-15 13:57 - 2016-11-14 06:15 - 06789056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-15 13:57 - 2016-11-14 06:15 - 03528128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-15 13:57 - 2016-11-14 06:15 - 02558512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-15 13:57 - 2016-11-14 06:15 - 00932728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-06-15 13:57 - 2016-11-14 06:15 - 00384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-15 13:57 - 2016-11-14 06:15 - 00062328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-15 13:57 - 2016-11-14 04:09 - 07513855 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-15 13:56 - 2017-06-15 13:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-15 13:55 - 2017-06-29 17:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-15 13:55 - 2017-06-16 15:00 - 00484144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 13:35 - 2017-06-15 13:36 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 18:03 - 2017-06-15 14:22 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-02 18:22 - 2017-06-02 18:22 - 00001258 _____ C:\Users\LLL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-06-02 18:22 - 2017-06-02 18:22 - 00000000 ____D C:\Users\LLL\AppData\Local\UNP
2017-05-31 19:17 - 2017-06-15 14:08 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-31 19:17 - 2017-05-31 19:18 - 00000000 ____D C:\Program Files\UNP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-29 20:36 - 2017-03-18 06:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-29 18:23 - 2014-09-06 12:15 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-06-29 18:23 - 2014-07-22 01:27 - 00000000 ____D C:\ProgramData\Temp
2017-06-29 17:49 - 2017-03-18 16:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-29 17:49 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-29 17:49 - 2016-05-05 09:05 - 00000000 ___RD C:\Users\LLL\OneDrive
2017-06-29 17:49 - 2016-05-05 08:23 - 00000000 ____D C:\Users\LLL\AppData\Local\Packages
2017-06-29 17:48 - 2015-07-31 17:03 - 00000000 ____D C:\Users\LLL\AppData\Roaming\Opera Software
2017-06-29 17:48 - 2015-07-31 17:03 - 00000000 ____D C:\Users\LLL\AppData\Local\Opera Software
2017-06-29 17:48 - 2015-07-31 17:03 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-29 17:16 - 2017-05-10 16:31 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLLL.job
2017-06-29 17:16 - 2014-09-06 12:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-29 17:15 - 2016-12-22 14:39 - 00000000 ____D C:\Users\LLL\AppData\Local\SlimWare Utilities Inc
2017-06-29 16:22 - 2014-09-06 12:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-28 11:44 - 2015-07-18 12:10 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-26 16:42 - 2015-09-09 09:34 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 16:42 - 2015-09-09 09:34 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-21 18:34 - 2017-03-18 16:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-18 14:40 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 14:59 - 2015-12-26 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-16 14:59 - 2015-12-26 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-15 16:59 - 2015-12-26 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-15 16:58 - 2017-03-18 15:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 16:57 - 2016-11-13 20:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-15 16:54 - 2017-03-18 16:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-15 16:52 - 2017-03-18 16:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-15 16:52 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-15 16:52 - 2017-03-18 06:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-15 16:45 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-15 16:45 - 2017-03-18 15:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-06-15 16:45 - 2017-03-18 15:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-06-15 16:45 - 2017-03-18 15:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-06-15 16:45 - 2017-03-18 15:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-06-15 16:45 - 2017-03-18 15:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-06-15 16:45 - 2017-03-18 15:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-06-15 16:45 - 2017-03-18 15:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-06-15 16:45 - 2017-03-18 15:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-15 16:45 - 2017-03-18 15:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-15 16:45 - 2017-03-18 15:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-15 16:45 - 2017-03-18 15:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-15 16:45 - 2017-03-18 15:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-15 16:45 - 2017-03-18 15:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-15 16:45 - 2017-03-18 15:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-15 16:45 - 2017-03-18 15:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-15 16:45 - 2017-03-18 15:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-15 16:45 - 2017-03-18 15:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-15 14:25 - 2014-07-22 01:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-06-15 14:24 - 2014-07-22 01:24 - 00000000 ____D C:\Program Files\IDT
2017-06-15 14:22 - 2017-03-18 16:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 14:22 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 14:20 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-15 14:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-15 14:15 - 2017-03-18 21:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-15 14:15 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-15 14:15 - 2016-05-05 08:04 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-15 14:14 - 2017-03-18 16:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-15 14:14 - 2017-03-18 16:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-15 14:08 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 14:08 - 2016-12-23 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-15 14:08 - 2016-12-22 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-15 14:08 - 2016-12-17 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-06-15 14:08 - 2016-12-17 10:45 - 00000000 ____D C:\Users\LLL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blu-ray Files 2017
2017-06-15 14:08 - 2016-12-17 10:44 - 00000000 ____D C:\Users\LLL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-06-15 14:08 - 2016-10-07 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2017-06-15 14:08 - 2016-09-08 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2017-06-15 14:08 - 2016-05-06 19:47 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2017-06-15 14:08 - 2016-04-07 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2017-06-15 14:08 - 2015-09-12 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-06-15 14:08 - 2015-09-12 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2017-06-15 14:08 - 2015-06-20 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2017-06-15 14:08 - 2015-06-14 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-06-15 14:08 - 2015-02-06 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2017-06-15 14:08 - 2014-10-23 15:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2017-06-15 14:08 - 2014-09-08 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-15 14:08 - 2014-09-06 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-06-15 14:08 - 2014-09-06 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-15 14:08 - 2014-09-06 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-15 14:08 - 2014-07-22 01:37 - 00000000 ____D C:\WINDOWS\en
2017-06-15 14:08 - 2014-07-22 01:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-06-15 14:08 - 2014-07-22 01:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-06-15 14:08 - 2014-07-22 01:26 - 00000000 ____D C:\WINDOWS\system32\nn-NO
2017-06-15 14:08 - 2014-07-22 01:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-06-15 14:08 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-15 14:06 - 2017-03-18 16:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-15 14:06 - 2017-03-18 16:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-15 14:03 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-15 14:03 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-15 14:03 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-15 14:03 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-15 14:03 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-15 14:03 - 2016-11-05 16:33 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-15 14:03 - 2014-09-08 17:09 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-06-15 14:03 - 2014-07-22 01:27 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-15 14:02 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-15 14:02 - 2016-02-13 08:03 - 00000000 ____D C:\WINDOWS\ShellNew
2017-06-15 14:01 - 2017-03-18 16:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-15 14:01 - 2017-03-18 16:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-15 14:01 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-15 14:01 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-15 14:01 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-15 14:01 - 2017-01-01 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
2017-06-15 14:01 - 2016-12-21 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2017-06-15 14:01 - 2016-12-20 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-06-15 14:01 - 2016-04-22 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-15 14:01 - 2014-07-22 01:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-06-15 14:01 - 2014-07-22 01:16 - 00000000 ____D C:\Program Files\Intel
2017-06-15 14:01 - 2014-07-22 01:16 - 00000000 ____D C:\Program Files (x86)\Intel
2017-06-15 14:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-06-15 14:01 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-15 13:57 - 2017-03-18 06:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-14 20:21 - 2015-03-14 11:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 20:18 - 2015-03-14 11:33 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-10 19:54 - 2015-07-31 16:46 - 00000000 ____D C:\SPEED TESTS
2017-06-03 01:32 - 2017-03-18 16:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:32 - 2017-03-18 16:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 09:46 - 2017-05-25 15:20 - 00000000 ____D C:\n7098 Winnebago Dr fdl
==================== Files in the root of some directories =======
2015-12-04 20:43 - 2015-12-04 20:43 - 6420480 _____ () C:\Program Files (x86)\GUT758E.tmp
2017-01-17 17:50 - 2017-01-18 17:53 - 0000383 _____ () C:\Users\LLL\AppData\Roaming\burnaware.ini
2015-06-20 09:28 - 2015-06-20 09:28 - 0016384 _____ () C:\Users\LLL\AppData\Roaming\CryptoPrevent_Test_Module.exe
2015-02-06 20:54 - 2016-03-23 09:50 - 0000896 _____ () C:\Users\LLL\AppData\Roaming\wklnhst.dat
2014-09-06 12:16 - 2014-09-06 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-08 17:04 - 2015-07-31 17:13 - 0003864 _____ () C:\ProgramData\hpzinstall.log
2016-12-22 13:59 - 2016-12-22 14:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-26 06:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by LLL (29-06-2017 20:41:47)
Running from C:\Users\LLL\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-15 19:22:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1157495261-2858398881-3313968452-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1157495261-2858398881-3313968452-503 - Limited - Disabled)
Guest (S-1-5-21-1157495261-2858398881-3313968452-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1157495261-2858398881-3313968452-1002 - Limited - Enabled)
LLL (S-1-5-21-1157495261-2858398881-3313968452-1000 - Administrator - Enabled) => C:\Users\LLL
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (HKLM-x32\...\WTA-d7247ed0-79e8-486a-a8cd-f24ab87af353) (Version: 2.2.0.98 - WildTangent) Hidden
6300 (HKLM-x32\...\{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (HKLM-x32\...\{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (HKLM-x32\...\{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.20.1165, 21.12.2012 - AIMP DevTeam)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-b9b0388b-a1e5-4b56-bc79-cb477f78f8be) (Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-4189bf76-4b15-4c32-a182-9ce30c12d50f) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2740DW series DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnAware Free 9.7 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WTA-87be1e15-16d4-4753-8e24-8389347bf7ed) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-8288828c-d277-4f06-9ff4-622af673811b) (Version: 2.2.0.98 - WildTangent) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-2f1a150f-1536-497c-bb1d-2b610b4548c6) (Version: 2.2.0.95 - WildTangent) Hidden
Escape the Emerald Star (HKLM-x32\...\WTA-8a3ea62e-e886-4fc7-aad6-ef452267b98e) (Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (HKLM-x32\...\WTA-e4af7e9c-0ccd-47ee-99e4-aaa2e501d8f6) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-4f4f5567-e9ee-49b8-95a4-cb2a6dd9ff88) (Version: 2.2.0.97 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-8949be60-fcc3-4e33-a26f-59599008d32a) (Version: 2.2.0.97 - WildTangent) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive Fury (HKLM-x32\...\WTA-040feab6-d0e7-401a-8948-f60c188059d0) (Version: 2.2.0.95 - WildTangent) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (HKLM-x32\...\WTA-13fa2eb9-4662-4fc2-9982-3a4bb5cb810f) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-989dc735-3bfb-41a1-85e7-1a408d581627) (Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-95076a5c-ebee-428e-9cea-2e9654343c47) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-e8efa664-6c4a-4467-a936-4468daad8089) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-2e3a30d7-4024-4a9c-95b4-b673f36016b1) (Version: 2.2.0.95 - WildTangent) Hidden
Leawo Blu-ray Player version 1.9.4.0 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.4.0 - Leawo Software)
LibreOffice 5.2.1.2 (HKLM-x32\...\{30566BDB-4658-461F-AF23-09CF7E2BC1D1}) (Version: 5.2.1.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (HKLM-x32\...\WTA-b68c27c3-4291-466e-97b4-b59b184316b1) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-d036d062-e0ed-4550-9e72-ae0e45bc50ca) (Version: 2.2.0.95 - WildTangent) Hidden
MakeMKV v1.10.3 (HKLM-x32\...\MakeMKV) (Version: v1.10.3 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM-x32\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-91972cc9-d044-402c-a263-1fa9ed8b3016) (Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Farm Life 2 (HKLM-x32\...\WTA-6dcdd012-8536-4882-898a-b54a90180bcc) (Version: 2.2.0.98 - WildTangent) Hidden
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Penguins! (HKLM-x32\...\WTA-a4bea76c-ba85-49c4-9e6c-725308273a9d) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-88791399-db1e-411c-a6eb-e6284484694a) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-526f24e8-d549-4be8-ae01-3f418efa645c) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-20d0139b-dddf-4dd9-a4a1-a45a1269ad5c) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-9d381120-fdeb-4e80-9273-3f0f9e6569dc) (Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-99f8462e-b095-43b8-b6cf-0d780fb173e6) (Version: 2.2.0.98 - WildTangent) Hidden
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Tales of Lagoona (HKLM-x32\...\WTA-feac2adb-b29f-48aa-94c9-97e642c14417) (Version: 2.2.0.98 - WildTangent) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-9a81b9ba-92cf-4a2a-ad95-d4e3cd14c704) (Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-8f10d6d7-a934-407a-914d-a9c353e1a3e0) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VUDU To Go (HKLM-x32\...\{1AE5ED00-B57F-65DE-E566-118AA3D8E523}) (Version: 2.3.2 - Vudu) Hidden
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.2 - Vudu)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Fisherman (HKLM-x32\...\WTA-1aac4ac8-9e10-479a-9f6a-09ad5f0e450d) (Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-97d837b1-95b7-4ef3-ae9b-41902225b1b9) (Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0637321C-859A-4275-A4BC-3DDBBF81DBE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-23] (Piriform Ltd)
Task: {07E71381-B7A4-4443-842C-9FCDB36327D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {1B8175DA-30F5-46AE-82D4-AF363DA26D56} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {2D3B06E9-B608-4A9F-8F15-75BEF964B3BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {37F323FD-C9EA-4EB5-BA0A-206755562886} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {42E6BC5E-3E0D-404E-8F08-A88CBD33A8D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {625EFCE0-CF4B-46E1-B357-03309F973F44} - System32\Tasks\avastBCLRestartS-1-5-21-1157495261-2858398881-3313968452-1000 => Chrome.exe
Task: {6B404C62-BB4A-4B52-ADBD-B0A138A6A10C} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {6D632D1F-EDC1-4519-8067-454DE526BCB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-27] (Adobe Systems Incorporated)
Task: {84E55CF8-315F-4B70-A716-900B1A153328} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
Task: {8CBA4DA5-70AF-4485-A79F-8BE7E02782A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {8F3EED67-6CE1-4BF2-BCE9-EA6B16E2E70F} - System32\Tasks\HPCeeScheduleForLLL => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {97EF3A01-AC53-408E-8A08-659589E3BF57} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-19] (AVAST Software)
Task: {9B7966E1-11F4-4D16-ADD9-7C83363735C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {A45B057E-EA96-4226-B8B3-52D5483B5BB7} - System32\Tasks\SafeZone scheduled Autoupdate 1458737776 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A92255D9-0991-4ACB-B2AF-57441ACEA281} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-10-25] (Hewlett-Packard)
Task: {B04CD70B-F132-4EDA-B7E9-5F2472368EE6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast2017\AvEmUpdate.exe [2017-05-04] (AVAST Software)
Task: {C2A7EF1D-F574-42BE-9BFE-34AE27A44E00} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {CE613125-C874-4E5F-B51C-F3C7ED51DA9E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
Task: {D642DA4C-B346-4E69-848B-95A1F9E90EFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {D9E6AF08-D585-48CB-8840-73F3A9069D8A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {DCEC28FE-7F7D-439F-8092-17F7C044C4E5} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLLL.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-06-15 13:57 - 2016-11-14 06:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-23 15:46 - 2011-04-11 00:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-15 01:03 - 2017-04-22 17:27 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-03-01 10:45 - 2017-03-01 10:45 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 13:44 - 2017-06-21 13:44 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 13:44 - 2017-06-21 13:44 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 13:44 - 2017-06-21 13:45 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 13:44 - 2017-06-21 13:44 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-11 10:58 - 2017-04-22 17:28 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-09-15 01:02 - 2017-04-22 17:27 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-06-26 16:42 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 16:42 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-07-22 01:33 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 00170216 _____ () C:\Program Files\AVAST Software\Avast2017\JsonRpcServer.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 00997896 _____ () C:\Program Files\AVAST Software\Avast2017\AvChrome.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 67717632 _____ () C:\Program Files\AVAST Software\Avast2017\libcef.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 00176992 _____ () C:\Program Files\AVAST Software\Avast2017\event_routing_rpc.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 00223224 _____ () C:\Program Files\AVAST Software\Avast2017\tasks_core.dll
2017-05-04 14:05 - 2017-05-04 14:05 - 00291824 _____ () C:\Program Files\AVAST Software\Avast2017\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\install.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BRCOM13A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrFaxTxAppRun64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrJDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Brnsplg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrWi213b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrWiaNCp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpf3l02t.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpzids40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LdaCx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvco1351823.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvco1380853.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lvcod64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LVUIRC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp110.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcr110.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NSSRH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvd3dumx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvwgf2umx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vccorlib110.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2L.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2S.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevManagerCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogiDPPApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lvcodec2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LVUI2RC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NSSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvd3dum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvwgf2um.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thdudf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\COSService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvrs64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lvuvc64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rsdrvx64.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynchronizationService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\thdudf.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\ProgramData\Temp:A3E1F4EF [292]
AlternateDataStreams: C:\Users\LLL\Downloads\25001644-1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\25001645-1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\ABC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\AUG12 (1).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\AUG12 (2).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\B-daystationsignsMarshal (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\B-daystationsignsRubble.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\B-daystationsignsSkyEverest.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\B-daystationsignsZuma.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\BENCHJULY2010.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\bluraycreator_setup_r91165.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\LLL\Downloads\bluraycreator_setup_r91165.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\DOI (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\DOI.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\DOITickets.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Food labels - blank - 1 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Food labels - blank - 1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Food labels - blank - 2 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Food labels - blank - 2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\imagine 2017.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\JULY 17 11 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\JULY14 (2).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\l&z houseFEB 12 (1).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\LEONARD 60mg agreement.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Marshallrightandleft.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\NOV 12 (1).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\preschool teacher.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Pups.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\Shakeys Pizza.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\subnote2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\XMAS brussels house10.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\LLL\Downloads\zach brussels houseSEPT10 (3).JPG:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\sharepoint.com -> hxxps://shawanoschools.sharepoint.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1157495261-2858398881-3313968452-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP1.jpg
DNS Servers: 192.168.3.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A0123351-CE58-48A0-964C-9690F6BB1826}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{CEC9E5D7-E843-4B3D-9A2C-D18F17936034}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{DFF76DBA-D3CF-492F-828F-BF71EDFEB9BE}] => (Allow) C:\Program Files (x86)\Brother2\Brmfl14d\FAXRX.EXE
FirewallRules: [UDP Query User{FA761B95-1AB2-4479-A09D-2688B86BA033}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [TCP Query User{79069316-4036-40D2-B961-BEFB30763EE4}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Block) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [{1917A2B6-98A7-4843-85E4-1E353A04320A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1E55F55-5D7F-4E83-893E-B9F9E2A1D65A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{883DC47A-2490-4B88-AF28-92FD4C91FD2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24F3B163-A546-459E-BCAC-943D035BA9BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{098DF41C-6C72-4D9A-8E2C-5E6B11B2DD5E}] => (Allow) LPort=54925
FirewallRules: [{9ACC2306-3559-481A-8817-26AFB2BA8CF7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14d\FAXRX.EXE
FirewallRules: [{8996785E-B39D-462C-8628-B29860920A80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C614628C-FC07-4C90-9F8F-20C9E76BAEF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C5632783-508B-45BE-B250-D5A28D4DBB3C}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{60B60467-03D6-42D1-9EBA-625EAB73DEF7}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BDD99206-F137-4F74-8290-E4CD6D7B55C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6B1B15A6-D6F2-4131-A896-CE32CD5B9DF4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{8B7F7885-073C-4E47-A450-8AACB85E3919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{DCEE59AA-E330-421B-A6D2-1A07E6315E9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{E0570A08-8AA0-4CC1-B6AB-5CEE54287305}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{A79A5664-3269-4FC7-B9A2-D0C19A6FE0BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{14992E34-3AF7-41BB-837A-54C228C33C1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{79A9C215-B5A3-4336-AE66-69CB01CF71C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CB62D705-2305-47FE-813F-00B13251143B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C84E3BD0-0052-4F2A-900E-391690C1585F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{208788F8-2CA7-4B76-ABBB-9709B048A585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EAB72F9C-2CAE-4EDD-9E7B-6020D28E842E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{E0E0F849-F46E-4BEC-A1F2-B588391C0096}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{EF793C54-C8BB-4235-A5FA-2525693F0028}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{472FF061-F7F8-48B3-9F2A-873EC203C7FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{79D07F61-C137-42EA-967D-E5F418EF4076}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{F5DB077D-F07D-47F5-AAF3-33A2D9FADB20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{62F71656-5987-40FE-B834-B4DA0436C981}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{05714FC0-C021-42F4-ABB1-4670C508C38C}] => (Allow) LPort=1900
FirewallRules: [{4303B615-28B6-4D2A-8A6E-30508124C8AB}] => (Allow) LPort=2869
FirewallRules: [{0D26BBDC-3B86-42A1-A771-55542B12ED6C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{63A73965-26F0-475F-A408-16D75CAECA93}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CBA464E0-0793-4DE0-B2B8-341E5932CFA4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{E8D045C2-E292-4EA7-A4B0-3001C89283F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
15-06-2017 14:24:05 Windows Update
23-06-2017 19:46:47 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/29/2017 08:33:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
System errors:
=============
Error: (06/29/2017 08:37:55 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:44 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:33 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/29/2017 08:37:21 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppXSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2017 08:37:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppXSvc service to connect.
Error: (06/29/2017 08:37:09 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:09 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
Error: (06/29/2017 08:37:09 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {10DA4F3C-CC99-4190-BE4D-58330754E882}. The error:
"193"
Happened while starting this command:
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding
CodeIntegrity:
===================================
Date: 2017-06-29 20:38:19.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-29 20:37:13.662
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-06-29 20:36:59.104
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8131.22 MB
Available physical RAM: 6160.48 MB
Total Virtual: 16323.22 MB
Available Virtual: 14235.62 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:915.5 GB) (Free:758.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.34 GB) (Free:1.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 67CFE104)
Partition: GPT.
==================== End of Addition.txt ============================
Thanks for the REALLY fast response!