
Log analysis and evaluation: Adware + redirects in Chrome / recurring blocking of Windows Defender

10.08.2017, 21:36   #1
achkomm
 



Something has nested itself in my father's PC. I would like to describe it more precisely / give it a title, but that is not possible, so here is a list of its behaviour.

Behaviour:
- In Chrome there is an extension that cannot be removed via the menu, because it was supposedly installed via "enterprise policy". However, this is a private PC that has never been connected to or used in a company.
- When downloading "Farbar's Recovery Scan Tool", Chrome is redirected to "download-web-shield.com" without any download (at least it is possible via Firefox).
- Windows Defender is also locked via enterprise policy. It can be unlocked via Regedit, but is locked again after a restart.

- Scans run with AdwCleaner and SpyBot Search and Destroy. AdwCleaner does find something and, according to the log, deletes it successfully; after a restart the files are back and the next scan gives the same results.
- The rootkit scan from SpyBot did not report any problems.
- The FRST log contains some entries where I can tell "something is off!",
- But I have the impression that unless everything is removed at once (and more than AdwCleaner, SpyBot and Windows Defender do), it achieves nothing (see also the AdwCleaner log).


AdwCleaner cleaning run

Code:
# AdwCleaner 7.0.2.0 - Logfile created on Thu Aug 10 19:15:04 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: OtherSearch


***** [ Folders ] *****

Deleted: C:\Program Files\c4301166122a25c34da96e1ec406d55c


***** [ Files ] *****

Deleted: C:\Windows\SysNative\drivers\LACE_WPF_X64.SYS
Deleted: C:\Windows\SysNative\drivers\Lace_wpf_x64.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\OtherSearch


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [10302 B] - [2017/8/7 18:11:2]
C:/AdwCleaner/AdwCleaner[C1].txt - [2448 B] - [2017/8/7 18:29:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [2207 B] - [2017/8/8 20:25:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [12098 B] - [2017/8/7 18:6:15]
C:/AdwCleaner/AdwCleaner[S1].txt - [2495 B] - [2017/8/7 18:26:36]
C:/AdwCleaner/AdwCleaner[S2].txt - [1963 B] - [2017/8/8 20:24:7]
C:/AdwCleaner/AdwCleaner[S3].txt - [2067 B] - [2017/8/10 19:12:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########
         

Next scan after restart
Code:
# AdwCleaner 7.0.2.0 - Logfile created on Thu Aug 10 19:16:56 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 08-09-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic, C:\Program Files\c4301166122a25c34da96e1ec406d55c


***** [ Files ] *****

PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\LACE_WPF_X64.SYS
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\Lace_wpf_x64.sys


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.OtherSearch, [Key] - HKLM\SOFTWARE\OtherSearch


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [10302 B] - [2017/8/7 18:11:2]
C:/AdwCleaner/AdwCleaner[C1].txt - [2448 B] - [2017/8/7 18:29:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [2207 B] - [2017/8/8 20:25:57]
C:/AdwCleaner/AdwCleaner[C3].txt - [2228 B] - [2017/8/10 19:15:4]
C:/AdwCleaner/AdwCleaner[S0].txt - [12098 B] - [2017/8/7 18:6:15]
C:/AdwCleaner/AdwCleaner[S1].txt - [2495 B] - [2017/8/7 18:26:36]
C:/AdwCleaner/AdwCleaner[S2].txt - [1963 B] - [2017/8/8 20:24:7]
C:/AdwCleaner/AdwCleaner[S3].txt - [2067 B] - [2017/8/10 19:12:17]


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########
         
Code:
// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","S:\Windows\System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask"
File:"No admin in ACL","S:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask"
File:"Unknown ADS","S:\Users\GG\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Pictures\Camera Roll:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Documents\cc_20151025_135741.reg:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Documents\duplicate.txt:ms-properties:$DATA"
File:"Unknown ADS","S:\Users\GG\OneDrive\Documents\notes LR.rtf:ms-properties:$DATA"
File:"No admin in ACL","S:\ProgramData\Protexis64\KGyGaAvL.sys"
File:"No admin in ACL","S:\ProgramData\Nero\Nero 10\OnlineServices"
File:"Unknown ADS","S:\ProgramData\CyberLink\PowerDVD14\CLDShowX.ini:Update.CL:$DATA"
File:"Unknown ADS","J:\Utilities\Bulk Rename Utility:Win32App_1:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170718_0471.tiff:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0471-2.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0471-3.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0471-5.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0471.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0472-3.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0472.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0473-3.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0473.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","H:\CameraScans\family\170719_0474.tif:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744CAF070E41400:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\84b9c17023c712640acaf308593282f8:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\91785D291CBB3CC40AB8659C8E48CCC2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\GG\AppData\Local\VirtualStore\Program Files (x86)\Belarc\BelarcAdvisor:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Adobe\Adobe PDF:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LibreOffice 5:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Thunderbird:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\PDF24:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Photodex Presenter:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\TeamViewer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Photodex\ProShow Gold:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LibreOffice 5\help\de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\EaseUS\Todo Backup:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\Easy-WebPrint EX:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\IJ Scan Utility:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\My Image Garden:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\Quick Menu:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\Speed Dial Utility:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Canon\My Image Garden\AddOn:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Content Viewer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Sync:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Affinity:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\LibreOffice 5:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\PTGui:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\TeraCopy:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Display.NvContainer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{77847ABF-6A26-4402-93AE-EB47DB9DDFAD}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{10769156-9E15-47FD-906E-CFBF70187C89}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{A0DECFF8-DEC8-44AD-904F-B266CAC2260B}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\NVDisplayContainerLS.{D21B21C1-3037-41D5-A0FB-419711922AB5}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\BCA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\Intel\RSSDK\v3:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\Intel\RSSDK\v3\bin\x64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Canon\MyPrinter:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Adobe\Adobe Photoshop CC 2017:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
         
Thanks in advance.
If there is nothing to salvage and a reinstall is the best option, please let me know.

Edited by achkomm (10.08.2017 at 21:41)
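
The reappearance described in the post can be checked mechanically by diffing an AdwCleaner clean log against the scan log taken after the reboot. This is an added example, not part of the original post and not AdwCleaner's own code; the function names are hypothetical and the embedded logs are excerpts of the two logs posted above.

```python
import re

# Section headers look like: ***** [ Registry ] *****
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

# Excerpt of the clean-mode log from the post (19:15:04).
CLEAN_LOG = r"""
# Mode: clean
***** [ Services ] *****
Deleted: OtherSearch
***** [ Folders ] *****
Deleted: C:\Program Files\c4301166122a25c34da96e1ec406d55c
***** [ Files ] *****
Deleted: C:\Windows\SysNative\drivers\LACE_WPF_X64.SYS
Deleted: C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\OtherSearch
"""

# Excerpt of the scan-mode log from the post, taken after the restart (19:16:56).
SCAN_LOG = r"""
# Mode: scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Adware.Heuristic, C:\Program Files\c4301166122a25c34da96e1ec406d55c
***** [ Files ] *****
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\LACE_WPF_X64.SYS
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.OtherSearch, [Key] - HKLM\SOFTWARE\OtherSearch
"""

KEY_PREFIX = "[Key] - "


def parse(log):
    """Return {(section, case-folded item): label} for every entry line."""
    entries, section = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if line and set(line) == {"*"}:
            section = None  # separator line ends the per-section listing
            continue
        if not section or not line or line.startswith(("#", "::", "No malicious")):
            continue
        if line.startswith("Deleted: "):        # clean mode: "Deleted: <item>"
            label, item = "Deleted", line[len("Deleted: "):]
        elif ", " in line:                      # scan mode: "<detection>, <item>"
            label, item = line.split(", ", 1)
        else:
            continue
        if item.startswith(KEY_PREFIX):
            item = item[len(KEY_PREFIX):]
        # Windows paths and registry keys are case-insensitive, so entries that
        # differ only in case (LACE_WPF_X64.SYS / Lace_wpf_x64.sys) are one object.
        entries[(section, item.casefold())] = label
    return entries


def compare(clean_log, scan_log):
    """Classify items by whether a cleaned object is detected again afterwards."""
    cleaned, found = parse(clean_log), parse(scan_log)
    return {
        "reappeared": sorted(k for k in cleaned if k in found),
        "stayed_gone": sorted(k for k in cleaned if k not in found),
        "new": sorted(k for k in found if k not in cleaned),
    }


if __name__ == "__main__":
    for status, items in compare(CLEAN_LOG, SCAN_LOG).items():
        print(f"{status}:")
        for section, item in items:
            print(f"  [{section}] {item}")
```

Items in the "reappeared" group are being recreated by something the cleaner did not remove, which is where the rest of the analysis should look.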

10.08.2017, 21:40   #2
achkomm
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by GG (administrator) on GG-PCTWO (10-08-2017 21:28:24)
Running from C:\Users\GG\Downloads
Loaded Profiles: GG (Available Profiles: GG)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==== Processes (Whitelisted) =====

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Users\GG\AppData\Local\Temp\98-5a966-022-712a1-0b43c7b337665\VMYKNJYZIJ.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

===== Registry (Whitelisted) ====

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe [2090176 2016-07-19] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe [1246400 2016-07-19] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\Run: [ZWVZGOYXKY.exe] => C:\Users\GG\AppData\Local\Temp\7a-87143-cd6-923b2-487a803427243\ZWVZGOYXKY.exe m_5 L_1 <==== ATTENTION
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\MountPoints2: {38e5de18-5f66-11e7-9e43-e03f49a069cf} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\MountPoints2: {5baf4ffa-f665-11e5-9d8d-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL K:\LIESMICH.htm
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==== Internet (Whitelisted) ====

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131465145127659668&GUID=3CCE55A8-B89D-4438-8D89-106DA1A9D67C
SearchScopes: HKU\S-1-5-21-2853533079-476395649-1961076433-1001 -> {1AE15FDF-6AE1-443D-9220-FC3D9A69E437} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H84zltpbl1AU,c7168d88-ee53-4862-8d5a-de78ebd8dd81,
SearchScopes: HKU\S-1-5-21-2853533079-476395649-1961076433-1001 -> {EF6977DC-91E3-4AC5-8C69-44A94C563195} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H84zamobl20544BU,f140aea4-b201-4a1d-b944-259594d47791,
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\GG\AppData\Roaming\Mozilla\Firefox\Profiles\ksqtqnkk.default-1502026602991 [2017-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{5C85840A-F721-4010-B362-F96F33B4B754}] - C:\WINDOWS\Installer\{599D9CF4-E0D8-4B8F-A3D8-6F1274D5C508}\{5C85840A-F721-4010-B362-F96F33B4B754}.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-26] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default [2017-08-10]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Tampermonkey) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-08-07]
CHR Extension: ( ) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\illokbhgomhfncbblcnkaljkenomldcm [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-16]
CHR HKU\S-1-5-21-2853533079-476395649-1961076433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 OtherSearch; C:\Program Files (x86)\wVxJtjMPpF\kl.dll [1708544 2017-08-09] () [File not signed] <==== ATTENTION
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2017-07-26] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
R2 Windows_Recover; C:\Users\GG\AppData\Local\Temp\98-5a966-022-712a1-0b43c7b337665\VMYKNJYZIJ.exe [110080 2017-08-04] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [23032 2016-07-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [19960 2016-07-14] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 Lace514; C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys [71960 2017-08-09] (Driver Lace514)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-08-07] (Malwarebytes)
R1 MpKsld50182d7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{064BC35F-85A1-41EF-9A51-23652AEAAF35}\MpKsld50182d7.sys [44928 2017-08-10] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 21:17 - 2017-08-10 21:17 - 000002052 _____ C:\WINDOWS\System32\Tasks\sPMnlSwMYj
2017-08-10 21:16 - 2017-08-10 21:17 - 000000002 _____ C:\END
2017-08-10 21:16 - 2017-08-10 21:17 - 000000000 ____D C:\Program Files (x86)\wVxJtjMPpF
2017-08-10 21:03 - 2017-08-10 21:28 - 000018257 _____ C:\Users\GG\Downloads\FRST.txt
2017-08-10 21:03 - 2017-08-10 21:28 - 000000000 ____D C:\FRST
2017-08-10 21:03 - 2017-08-10 21:04 - 000056540 _____ C:\Users\GG\Downloads\Addition.txt
2017-08-10 21:00 - 2017-08-10 21:01 - 002381824 _____ (Farbar) C:\Users\GG\Downloads\FRST64.exe
2017-08-10 20:44 - 2017-08-10 20:44 - 000000000 ____D C:\Users\GG\Documents\ProcAlyzer Dumps
2017-08-09 10:39 - 2017-08-09 10:39 - 000000000 ____D C:\Users\GG\AppData\Local\UNP
2017-08-09 09:19 - 2017-08-09 09:19 - 000071960 _____ (Driver Lace514) C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
2017-08-08 22:30 - 2017-08-08 22:30 - 000002052 _____ C:\WINDOWS\System32\Tasks\mhCP0LG665
2017-08-08 22:29 - 2017-08-08 22:30 - 000000000 ____D C:\Program Files (x86)\wJL0eUrrEW
2017-08-08 22:28 - 2017-08-10 21:15 - 000080384 _____ () C:\ProgramData\Theobald.dll
2017-08-08 22:16 - 2017-08-01 21:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-08 22:16 - 2017-08-01 21:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-08 22:16 - 2017-08-01 21:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-08 22:16 - 2017-08-01 21:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-08 22:16 - 2017-08-01 21:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-08 22:16 - 2017-08-01 21:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-08 22:16 - 2017-08-01 21:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-08 22:16 - 2017-08-01 21:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-08 22:16 - 2017-08-01 21:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-08 22:16 - 2017-08-01 21:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-08 22:16 - 2017-08-01 21:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-08 22:16 - 2017-08-01 21:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-08 22:16 - 2017-08-01 21:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-08 22:16 - 2017-08-01 21:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-08 22:16 - 2017-08-01 21:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-08 22:16 - 2017-08-01 21:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-08 22:16 - 2017-08-01 21:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-08 22:16 - 2017-08-01 21:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-08 22:16 - 2017-08-01 21:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-08 22:16 - 2017-08-01 21:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-08 22:16 - 2017-08-01 21:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-08 22:16 - 2017-08-01 21:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-08 22:16 - 2017-08-01 21:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-08 22:16 - 2017-08-01 21:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-08 22:16 - 2017-08-01 21:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-08 22:16 - 2017-08-01 21:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-08 22:16 - 2017-08-01 21:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-08 22:16 - 2017-08-01 21:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-08 22:16 - 2017-08-01 21:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-08 22:16 - 2017-08-01 21:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-08 22:16 - 2017-08-01 21:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-08 22:16 - 2017-08-01 21:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-08 22:16 - 2017-08-01 21:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-08 22:16 - 2017-08-01 21:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-08 22:16 - 2017-08-01 20:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-08 22:16 - 2017-08-01 20:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-08 22:16 - 2017-08-01 20:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-08 22:16 - 2017-08-01 20:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-08 22:16 - 2017-08-01 20:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-08 22:16 - 2017-08-01 20:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-08 22:16 - 2017-08-01 20:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-08 22:16 - 2017-08-01 20:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-08 22:16 - 2017-08-01 20:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-08 22:16 - 2017-08-01 20:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-08 22:16 - 2017-08-01 20:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-08 22:16 - 2017-08-01 20:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-08 22:16 - 2017-08-01 20:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-08 22:16 - 2017-08-01 20:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-08 22:16 - 2017-08-01 20:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-08 22:16 - 2017-08-01 20:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-08 22:16 - 2017-08-01 20:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-08 22:16 - 2017-08-01 20:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-08 22:16 - 2017-08-01 20:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-08 22:16 - 2017-08-01 20:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-08 22:16 - 2017-08-01 20:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-08 22:16 - 2017-08-01 20:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-08 22:16 - 2017-08-01 20:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-08 22:16 - 2017-08-01 20:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-08 22:16 - 2017-08-01 20:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-08 22:16 - 2017-08-01 20:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-08 22:16 - 2017-08-01 20:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-08 22:16 - 2017-08-01 20:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-08 22:16 - 2017-08-01 20:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-08 22:16 - 2017-08-01 20:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-08 22:16 - 2017-08-01 20:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-08 22:16 - 2017-08-01 20:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-08 22:16 - 2017-08-01 20:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-08 22:16 - 2017-08-01 20:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-08 22:16 - 2017-08-01 20:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-08 22:16 - 2017-08-01 20:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-08 22:16 - 2017-08-01 20:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-08 22:16 - 2017-08-01 20:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-08 22:16 - 2017-08-01 20:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-08 22:16 - 2017-08-01 20:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-08 22:16 - 2017-08-01 20:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-08 22:16 - 2017-08-01 20:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-08 22:16 - 2017-08-01 20:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-08 22:16 - 2017-08-01 20:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-08 22:16 - 2017-08-01 20:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-08 22:16 - 2017-08-01 20:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-08 22:16 - 2017-08-01 20:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-08 22:16 - 2017-08-01 20:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-08 22:16 - 2017-08-01 20:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-08 22:16 - 2017-08-01 20:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-08 22:16 - 2017-08-01 20:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-08 22:16 - 2017-08-01 20:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-08 22:16 - 2017-08-01 20:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-08 22:16 - 2017-08-01 20:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-08 22:16 - 2017-08-01 20:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-08 22:16 - 2017-08-01 20:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-08 22:16 - 2017-08-01 20:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-08 22:16 - 2017-08-01 20:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-08 22:16 - 2017-08-01 20:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-08 22:16 - 2017-08-01 20:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-08 22:16 - 2017-08-01 20:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-08 22:16 - 2017-08-01 20:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-08 22:16 - 2017-08-01 20:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-08 22:16 - 2017-08-01 20:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-08 22:16 - 2017-08-01 20:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-08 22:16 - 2017-08-01 20:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-08 22:16 - 2017-08-01 20:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-08 22:16 - 2017-08-01 20:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-08 22:16 - 2017-08-01 19:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-08 22:16 - 2017-08-01 19:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-08 22:16 - 2017-08-01 19:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-08 22:16 - 2017-08-01 19:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-08 22:16 - 2017-08-01 19:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-08 22:16 - 2017-08-01 19:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-08 22:16 - 2017-08-01 19:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-08 22:16 - 2017-08-01 19:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-08 22:16 - 2017-08-01 19:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-08 22:16 - 2017-08-01 19:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-08 22:16 - 2017-08-01 19:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-08 22:16 - 2017-08-01 19:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-08 22:16 - 2017-08-01 19:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-08 22:16 - 2017-08-01 19:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-08 22:16 - 2017-08-01 19:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-08 22:16 - 2017-08-01 19:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-08 22:16 - 2017-08-01 19:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-08 22:16 - 2017-08-01 19:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-08 22:16 - 2017-08-01 19:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-08 22:16 - 2017-08-01 18:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-08 22:16 - 2017-08-01 18:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-08 22:16 - 2017-08-01 18:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-08 22:16 - 2017-08-01 18:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-08 22:16 - 2017-08-01 18:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-08 22:16 - 2017-08-01 18:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-08 22:16 - 2017-08-01 18:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-08 22:16 - 2017-08-01 18:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-08 22:16 - 2017-08-01 18:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-08 22:16 - 2017-08-01 18:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-08 22:16 - 2017-08-01 18:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-08 22:16 - 2017-08-01 18:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-08 22:16 - 2017-08-01 18:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-08 22:16 - 2017-08-01 18:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-08 22:16 - 2017-08-01 18:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-08 22:16 - 2017-08-01 18:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-08 22:16 - 2017-08-01 18:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-08 22:16 - 2017-08-01 18:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-08 22:16 - 2017-08-01 18:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-08 22:16 - 2017-08-01 18:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-08 22:16 - 2017-08-01 18:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-08 22:16 - 2017-08-01 18:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-08 22:16 - 2017-08-01 18:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-08 22:16 - 2017-08-01 18:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-08 22:16 - 2017-08-01 18:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-08 22:16 - 2017-08-01 18:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-08 22:16 - 2017-08-01 18:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-08 22:16 - 2017-08-01 18:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-08 22:16 - 2017-08-01 18:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-08 22:16 - 2017-08-01 18:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-08 22:16 - 2017-08-01 18:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-08 22:16 - 2017-08-01 18:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-08 22:16 - 2017-08-01 18:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-08 22:16 - 2017-08-01 18:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-08 22:16 - 2017-08-01 18:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-08 22:16 - 2017-08-01 18:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-08 22:16 - 2017-08-01 18:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-08 22:16 - 2017-08-01 18:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-08 22:16 - 2017-08-01 18:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-08 22:16 - 2017-08-01 18:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-08 22:16 - 2017-08-01 18:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-08 22:16 - 2017-08-01 18:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-08 22:16 - 2017-08-01 18:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-08 22:16 - 2017-08-01 18:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-08 22:16 - 2017-08-01 18:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-08 22:16 - 2017-08-01 18:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-08 22:16 - 2017-08-01 18:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-08 22:16 - 2017-08-01 18:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-08 22:16 - 2017-08-01 18:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-08 22:16 - 2017-08-01 18:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-08 22:16 - 2017-08-01 18:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-08 22:16 - 2017-08-01 18:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-08 22:16 - 2017-08-01 18:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-08 22:16 - 2017-08-01 18:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-08 22:16 - 2017-08-01 16:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-08 22:16 - 2017-07-12 08:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-08 22:16 - 2017-07-12 08:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-08 22:16 - 2017-07-12 08:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-08 22:16 - 2017-07-12 08:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-08 22:16 - 2017-07-12 08:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-08 22:16 - 2017-07-12 08:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-08 22:16 - 2017-07-12 08:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-08 22:16 - 2017-07-12 08:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-08 22:16 - 2017-07-12 08:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-08 22:16 - 2017-07-12 08:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-08 22:16 - 2017-07-12 08:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-08 22:16 - 2017-07-12 08:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-08 22:16 - 2017-07-12 08:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-08 22:16 - 2017-07-12 08:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-08 22:16 - 2017-07-12 08:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-08 22:16 - 2017-07-12 08:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-08 22:16 - 2017-07-12 08:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-08 22:16 - 2017-07-12 07:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-08 22:16 - 2017-07-12 07:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-08 22:16 - 2017-07-12 07:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-08 22:16 - 2017-07-12 07:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-08 22:16 - 2017-07-12 07:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-08 22:16 - 2017-07-12 07:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-08 22:16 - 2017-07-12 07:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-08 22:16 - 2017-07-12 07:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-08 22:16 - 2017-07-12 07:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-08 22:16 - 2017-07-12 07:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-08 22:16 - 2017-07-12 07:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-08 22:16 - 2017-07-12 07:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-08 22:16 - 2017-07-12 07:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-08 22:16 - 2017-07-12 07:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-08 22:16 - 2017-07-12 07:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-08 22:16 - 2017-07-12 07:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-08 22:16 - 2017-07-12 07:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-08 22:16 - 2017-07-12 07:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-08 22:16 - 2017-07-12 07:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-08 22:16 - 2017-07-12 07:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-08 22:16 - 2017-07-12 07:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-08 22:16 - 2017-07-12 07:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-08 22:16 - 2017-07-12 07:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-08 22:16 - 2017-07-12 07:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-08 22:16 - 2017-07-12 07:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-08 22:16 - 2017-07-12 07:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-08 22:16 - 2017-07-12 07:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-08 22:16 - 2017-07-12 07:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-08 22:16 - 2017-07-12 07:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-08 22:16 - 2017-07-12 07:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-08 22:16 - 2017-07-12 07:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-08 22:16 - 2017-07-12 07:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-08 22:16 - 2017-07-12 07:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-08 22:16 - 2017-07-12 07:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-08 22:16 - 2017-07-12 07:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-08 22:16 - 2017-07-12 07:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-08 22:16 - 2017-07-12 07:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-08 22:16 - 2017-07-12 07:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-08 22:16 - 2017-07-12 07:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-08 22:16 - 2017-07-12 07:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-08 22:16 - 2017-07-12 07:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-08 22:16 - 2017-07-12 07:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-08 22:16 - 2017-07-12 07:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-08 22:16 - 2017-07-12 07:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-08 22:16 - 2017-07-12 07:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-08 22:16 - 2017-07-12 07:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-08 22:16 - 2017-07-12 07:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-08 22:16 - 2017-07-12 07:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-08 22:16 - 2017-07-12 07:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-08 22:16 - 2017-07-12 07:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-08 22:16 - 2017-07-12 07:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-08 22:16 - 2017-07-12 07:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-08 22:16 - 2017-07-12 07:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-08 22:16 - 2017-07-12 07:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-08 22:16 - 2017-07-12 07:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-08 22:16 - 2017-07-12 07:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-08 22:16 - 2017-07-12 07:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-08 22:16 - 2017-07-12 07:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-08 22:16 - 2017-07-12 07:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-08 22:16 - 2017-07-12 07:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-08 22:16 - 2017-07-12 07:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-08 22:16 - 2017-07-12 07:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-08 22:16 - 2017-07-12 07:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-08 22:16 - 2017-07-12 07:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-08 22:16 - 2017-07-12 07:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-08 22:16 - 2017-07-12 07:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-08 22:16 - 2017-07-12 07:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-08 22:16 - 2017-07-12 07:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-08 22:16 - 2017-07-12 07:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-08 22:16 - 2017-07-12 07:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-08 22:16 - 2017-07-12 07:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-08 22:16 - 2017-07-12 07:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-08 22:16 - 2017-07-12 07:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-08 22:16 - 2017-07-12 07:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-08 22:16 - 2017-07-12 07:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-08 22:16 - 2017-07-12 07:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-08 22:16 - 2017-07-12 06:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-08 22:16 - 2017-07-12 06:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-08 22:16 - 2017-07-12 06:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-08 22:16 - 2017-07-12 06:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-08 22:16 - 2017-07-12 06:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-08 22:16 - 2017-07-12 06:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-08 22:16 - 2017-07-12 06:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-08 22:16 - 2017-07-12 04:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-08 22:16 - 2017-03-04 08:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-08 22:16 - 2017-03-04 08:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-08 22:16 - 2017-03-04 08:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-08 22:16 - 2017-03-04 08:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-08 22:16 - 2017-03-04 08:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-08 22:16 - 2017-03-04 08:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-08 22:16 - 2016-09-07 07:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-08 22:16 - 2016-08-02 10:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-08 22:15 - 2017-08-01 20:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-08 22:15 - 2017-08-01 20:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-08 22:15 - 2017-08-01 20:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-08 22:15 - 2017-08-01 20:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-08 22:15 - 2017-07-12 06:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-08 21:54 - 2017-08-08 21:54 - 000001361 _____ C:\Users\GG\Desktop\Google Chrome.lnk
2017-08-08 21:53 - 2017-08-08 21:53 - 046661328 _____ (Microsoft Corporation) C:\Users\GG\Downloads\Windows-KB890830-x64-V5.51.exe
2017-08-08 07:42 - 2017-08-10 21:17 - 000000000 ____D C:\Program Files (x86)\JHbkeurapg
2017-08-08 07:42 - 2017-08-08 07:42 - 000002052 _____ C:\WINDOWS\System32\Tasks\P4HIy6gTTM
2017-08-08 07:42 - 2017-08-08 07:42 - 000000000 ____D C:\Program Files (x86)\yKa66VapWj
2017-08-07 21:58 - 2017-08-07 21:58 - 000001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-08-07 21:58 - 2017-08-07 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-08-07 21:58 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-08-07 21:51 - 2017-08-07 21:51 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-07 21:50 - 2017-08-07 21:50 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\GG\Downloads\spybotsd-2.6.46.exe
2017-08-07 20:58 - 2017-08-07 20:35 - 000003641 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170807-205841.backup
2017-08-07 20:36 - 2017-08-07 20:36 - 000000000 ____D C:\Users\GG\AppData\Local\TeamViewer
2017-08-07 20:26 - 2017-08-10 20:34 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-07 20:26 - 2017-08-07 21:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-07 20:04 - 2017-08-07 20:04 - 008187336 _____ (Malwarebytes) C:\Users\GG\Downloads\adwcleaner_7.0.2.0.exe
2017-08-07 20:03 - 2017-08-10 21:16 - 000000000 ____D C:\AdwCleaner
2017-08-07 19:46 - 2017-08-10 20:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-07 19:46 - 2017-08-07 19:46 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-08-07 19:46 - 2017-08-07 19:46 - 000000000 ____D C:\Users\GG\AppData\Roaming\TeamViewer
2017-08-07 17:46 - 2017-08-07 17:46 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignec8edacaaf7afdad
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign8891875038f8a32f
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b11681c4a60edb0
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign69fd61021851fce5
2017-08-07 08:50 - 2017-08-10 21:00 - 000000000 ____D C:\Users\GG\AppData\LocalLow\Mozilla
2017-08-07 08:50 - 2017-08-07 08:50 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-07 08:50 - 2017-08-07 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-06 18:50 - 2017-04-21 23:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-06 18:50 - 2017-04-21 23:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-06 18:50 - 2017-04-21 23:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-06 18:50 - 2017-04-21 23:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-06 15:36 - 2017-08-06 15:36 - 000000000 ____D C:\Users\GG\Desktop\Alte Firefox-Daten
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignffc8106fe45c14ec
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigneac3af40a099be1d
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign43c860051ba10bea
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0d1143b922f1ec0d
2017-08-06 13:42 - 2017-08-07 09:15 - 000176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-06 13:41 - 2017-08-10 21:24 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-06 13:41 - 2017-08-07 20:30 - 000102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-06 13:41 - 2017-08-07 20:30 - 000043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-06 13:41 - 2017-08-07 13:51 - 000091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-06 13:41 - 2017-08-06 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-06 13:41 - 2017-08-06 13:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-06 13:41 - 2017-08-06 13:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-06 13:41 - 2016-12-14 12:55 - 000077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-05 18:38 - 2017-08-05 18:38 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-05 18:14 - 2017-08-05 18:14 - 802142785 _____ C:\WINDOWS\MEMORY.DMP
2017-08-05 18:14 - 2017-08-05 18:14 - 000995028 _____ C:\WINDOWS\Minidump\080517-6828-01.dmp
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigne56e146512804e25
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b298700b0c3bc0a
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign555c3783d6236ee0
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign2eb65cc641d79d4e
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\Users\GG\AppData\Roaming\Nico Mak Computing
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\ProgramData\Nico Mak Computing
2017-08-04 19:03 - 2017-08-04 19:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-04 19:03 - 2017-08-04 19:03 - 000000000 ____D C:\Program Files\MSBuild
2017-08-04 19:03 - 2017-08-04 19:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-04 19:03 - 2017-08-04 19:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-04 19:03 - 2016-05-25 14:31 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-04 19:03 - 2016-05-25 14:31 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-04 19:03 - 2016-05-25 14:31 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-04 19:03 - 2016-05-25 11:03 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-04 19:03 - 2016-05-25 11:03 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-08-04 19:03 - 2016-05-25 11:03 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-04 19:02 - 2017-08-04 19:02 - 004810056 _____ (WinZip International LLC ) C:\Users\GG\Downloads\wzmp_8.exe
2017-08-04 18:14 - 2017-08-05 18:14 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-04 17:20 - 2017-08-08 22:25 - 000000008 __RSH C:\Users\GG\ntuser.pol
2017-08-04 17:19 - 2017-08-10 21:17 - 000000000 ____D C:\Program Files (x86)\HspAH1uXPV
2017-08-04 17:19 - 2017-08-04 17:19 - 000002052 _____ C:\WINDOWS\System32\Tasks\wGKWRwkYfr
2017-08-04 17:19 - 2017-08-04 17:19 - 000000000 ____D C:\Program Files\{C17D4600-D32D-4B82-ACF0-26138B5EF776}
2017-08-04 17:18 - 2017-08-04 17:18 - 000000000 ____D C:\Program Files (x86)\{CCD9FEF4-A94B-4B4C-BD54-5F40307904B2}
2017-08-04 16:56 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\4650b11a-21b3-1
2017-08-04 16:56 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\4650b11a-0523-0
2017-08-04 16:55 - 2017-08-04 17:19 - 001847296 _____ C:\Users\GG\AppData\Local\po.db
2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ C:\Users\GG\AppData\Local\installer.dat
2017-08-04 16:54 - 2017-08-07 19:41 - 000003286 _____ C:\WINDOWS\System32\Tasks\83547c80c21b7f10a947b7d5d370d5d8
2017-08-04 16:54 - 2017-08-04 16:55 - 000000000 ____D C:\Users\GG\AppData\Local\AdService
2017-08-04 16:54 - 2017-08-04 16:54 - 000004298 _____ C:\WINDOWS\System32\Tasks\ApplicationCompatibilitySupport
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Users\GG\AppData\Roaming\npm
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Program Files\83547c80c21b7f10a947b7d5d370d5d8
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Program Files (x86)\nodejs
2017-08-04 13:29 - 2017-08-04 13:29 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign1c8170e6b3c2a7f7
2017-08-04 13:27 - 2017-08-04 13:27 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignf0538a766c6f9658
2017-08-04 13:13 - 2017-08-04 13:13 - 000001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6a5926c7ed3bec82
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign25d2bfdc63137eaf
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0259c4768961027e
2017-08-04 13:07 - 2017-08-04 13:07 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-08-04 13:00 - 2017-08-04 13:00 - 002273168 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\InDesign_Set-Up.exe
2017-08-04 12:58 - 2017-08-04 12:58 - 002282752 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-08-04 12:56 - 2017-08-04 12:57 - 002206096 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Illustrator_Set-Up.exe
2017-08-04 12:55 - 2017-08-04 13:04 - 002205088 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Photoshop_Set-Up.exe
2017-08-04 12:40 - 2017-08-04 12:40 - 000008578 _____ C:\Users\GG\Documents\Untitled 1.odt
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{648b176a-012c-0}
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{54db666c-712c-0}
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{35482245-312c-1}
2017-08-03 17:37 - 2017-08-03 17:37 - 000104512 _____ (BYB5Z8) C:\WINDOWS\system32\Drivers\57f5cdbcab39c45db79c29259dee8f89.sys
2017-08-03 17:37 - 2017-08-03 17:37 - 000051623 _____ C:\WINDOWS\uninstaller.dat
2017-08-02 16:23 - 2017-08-02 16:23 - 000849920 ____H () C:\WINDOWS\system32\BITD55.tmp.VIRUS
2017-08-02 16:23 - 2017-08-02 16:23 - 000849920 ____H () C:\WINDOWS\system32\BIT1BFC.tmp.VIRUS
2017-07-30 09:27 - 2017-08-06 13:57 - 000000000 ____D C:\ProgramData\{939F8DB5-2434-3A1E-3365-243100ED3F8C}
2017-07-30 09:27 - 2017-08-06 13:57 - 000000000 ____D C:\ProgramData\{301511B8-87BE-A613-F4FE-43A46CD7F821}
2017-07-30 09:27 - 2017-08-04 11:00 - 000000000 ____D C:\ProgramData\{7945465c-312c-0}
2017-07-30 09:27 - 2017-08-04 11:00 - 000000000 ____D C:\ProgramData\{624b4d5c-312c-1}
2017-07-30 09:27 - 2017-07-30 09:27 - 000004176 _____ C:\WINDOWS\System32\Tasks\{6FF8E6AA-D853-5101-AD2C-64208150D3CD}
2017-07-30 09:27 - 2017-07-30 09:27 - 000004176 _____ C:\WINDOWS\System32\Tasks\{3944D9F1-8EEF-6E5A-15D9-143B3B89FDBB}
2017-07-30 09:27 - 2017-07-30 09:27 - 000000000 ____D C:\ProgramData\{ADD901B0-1A72-B61B-74D5-FE1618B2B1DA}
2017-07-30 09:27 - 2017-07-30 09:27 - 000000000 ____D C:\ProgramData\{5430E66D-E39B-51C6-6D8B-94EBCFF83765}
2017-07-27 18:21 - 2017-07-27 18:21 - 000000000 ____D C:\Users\GG\AppData\Roaming\Piccure+
2017-07-27 11:54 - 2017-07-27 11:54 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2853533079-476395649-1961076433-1001
2017-07-26 14:06 - 2017-07-26 20:47 - 047537848 _____ (Photodex Corporation) C:\Users\GG\Downloads\psgold_80_3648 (1).exe
2017-07-18 18:10 - 2017-07-19 13:30 - 000000000 ____D C:\Users\GG\Documents\Fax
2017-07-12 15:38 - 2017-07-07 09:49 - 000340824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 15:38 - 2017-07-07 09:20 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2017-07-12 15:38 - 2017-07-07 09:19 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 15:38 - 2017-07-07 09:19 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 15:38 - 2017-07-07 09:18 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 15:38 - 2017-07-07 09:18 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\onex.dll
2017-07-12 15:38 - 2017-07-07 09:17 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 15:38 - 2017-07-07 09:14 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 15:38 - 2017-07-07 09:14 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 15:38 - 2017-07-07 09:13 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 15:38 - 2017-07-07 09:11 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 15:38 - 2017-07-07 09:10 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 15:38 - 2017-07-07 09:09 - 000637952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 15:38 - 2017-07-07 09:09 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 15:38 - 2017-07-07 09:03 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 15:38 - 2017-07-07 09:02 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 15:38 - 2017-07-07 09:00 - 000476160 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2017-07-12 15:38 - 2017-07-07 08:57 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 15:38 - 2017-07-07 08:55 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 15:38 - 2017-07-07 08:54 - 002027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 15:38 - 2017-07-07 08:52 - 004561408 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 15:38 - 2017-07-07 08:52 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 15:38 - 2017-07-07 08:52 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 15:38 - 2017-06-22 08:17 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-07-12 15:38 - 2017-06-22 08:17 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-07-12 15:38 - 2017-06-21 09:42 - 000601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-12 15:38 - 2017-06-21 09:39 - 002048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 15:38 - 2017-06-21 09:38 - 000790752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 15:38 - 2017-06-21 09:30 - 000869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-07-12 15:38 - 2017-06-21 09:30 - 000196960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-07-12 15:38 - 2017-06-21 09:29 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 15:38 - 2017-06-21 09:28 - 002277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-07-12 15:38 - 2017-06-21 09:28 - 001504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 15:38 - 2017-06-21 09:28 - 000524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-07-12 15:38 - 2017-06-21 09:28 - 000170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 15:38 - 2017-06-21 09:27 - 001122344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 15:38 - 2017-06-21 09:27 - 000975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-12 15:38 - 2017-06-21 09:27 - 000861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 15:38 - 2017-06-21 09:27 - 000549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-07-12 15:38 - 2017-06-21 09:25 - 002168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 15:38 - 2017-06-21 09:24 - 000846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-07-12 15:38 - 2017-06-21 09:24 - 000154432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntmarta.dll
2017-07-12 15:38 - 2017-06-21 09:22 - 000361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2017-07-12 15:38 - 2017-06-21 09:21 - 001557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 15:38 - 2017-06-21 09:21 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 15:38 - 2017-06-21 09:21 - 000374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-07-12 15:38 - 2017-06-21 09:20 - 000962768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 15:38 - 2017-06-21 09:20 - 000312472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2017-07-12 15:38 - 2017-06-21 09:04 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 15:38 - 2017-06-21 09:04 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-12 15:38 - 2017-06-21 09:01 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-07-12 15:38 - 2017-06-21 09:00 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-07-12 15:38 - 2017-06-21 09:00 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-07-12 15:38 - 2017-06-21 09:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2017-07-12 15:38 - 2017-06-21 09:00 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-07-12 15:38 - 2017-06-21 08:59 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-07-12 15:38 - 2017-06-21 08:59 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-07-12 15:38 - 2017-06-21 08:59 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-07-12 15:38 - 2017-06-21 08:58 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-07-12 15:38 - 2017-06-21 08:58 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-07-12 15:38 - 2017-06-21 08:58 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-07-12 15:38 - 2017-06-21 08:58 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-07-12 15:38 - 2017-06-21 08:57 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-07-12 15:38 - 2017-06-21 08:57 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 15:38 - 2017-06-21 08:57 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 15:38 - 2017-06-21 08:56 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-07-12 15:38 - 2017-06-21 08:55 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-07-12 15:38 - 2017-06-21 08:55 - 000265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-07-12 15:38 - 2017-06-21 08:55 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-07-12 15:38 - 2017-06-21 08:55 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2017-07-12 15:38 - 2017-06-21 08:54 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-07-12 15:38 - 2017-06-21 08:54 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 15:38 - 2017-06-21 08:54 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-12 15:38 - 2017-06-21 08:53 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-07-12 15:38 - 2017-06-21 08:52 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-07-12 15:38 - 2017-06-21 08:52 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2017-07-12 15:38 - 2017-06-21 08:51 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-07-12 15:38 - 2017-06-21 08:51 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-07-12 15:38 - 2017-06-21 08:51 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 15:38 - 2017-06-21 08:51 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-12 15:38 - 2017-06-21 08:50 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 15:38 - 2017-06-21 08:50 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-07-12 15:38 - 2017-06-21 08:50 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-07-12 15:38 - 2017-06-21 08:50 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 15:38 - 2017-06-21 08:49 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-07-12 15:38 - 2017-06-21 08:49 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-07-12 15:38 - 2017-06-21 08:49 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-07-12 15:38 - 2017-06-21 08:48 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-07-12 15:38 - 2017-06-21 08:48 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-07-12 15:38 - 2017-06-21 08:47 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 15:38 - 2017-06-21 08:46 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-07-12 15:38 - 2017-06-21 08:46 - 001137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-07-12 15:38 - 2017-06-21 08:46 - 001077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-07-12 15:38 - 2017-06-21 08:46 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-07-12 15:38 - 2017-06-21 08:45 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-07-12 15:38 - 2017-06-21 08:45 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-12 15:38 - 2017-06-21 08:45 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
2017-07-12 15:38 - 2017-06-21 08:44 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-07-12 15:38 - 2017-06-21 08:44 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 15:38 - 2017-06-21 08:44 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2017-07-12 15:38 - 2017-06-21 08:44 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-07-12 15:38 - 2017-06-21 08:43 - 001534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-07-12 15:38 - 2017-06-21 08:43 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-12 15:38 - 2017-06-21 08:43 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-07-12 15:38 - 2017-06-21 08:43 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2017-07-12 15:38 - 2017-06-21 08:42 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 15:38 - 2017-06-21 08:42 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2017-07-12 15:38 - 2017-06-21 08:42 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFSv1.dll
2017-07-12 15:38 - 2017-06-21 08:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2017-07-12 15:38 - 2017-06-21 08:40 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 15:38 - 2017-06-21 08:40 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-07-12 15:38 - 2017-06-21 08:40 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-07-12 15:38 - 2017-06-21 08:40 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 15:38 - 2017-06-21 08:38 - 003733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 15:38 - 2017-06-21 08:38 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-07-12 15:38 - 2017-06-21 08:38 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-07-12 15:38 - 2017-06-21 08:37 - 006109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 15:38 - 2017-06-21 08:37 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-12 15:38 - 2017-06-21 08:37 - 000357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-07-12 15:38 - 2017-06-21 08:37 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-07-12 15:38 - 2017-06-21 08:36 - 001247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 001656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 000732160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2017-07-12 15:38 - 2017-06-21 08:35 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-12 15:38 - 2017-06-21 08:34 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-07-12 15:38 - 2017-06-21 08:34 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 15:38 - 2017-06-21 08:33 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-07-12 15:38 - 2017-06-21 08:32 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-07-12 15:38 - 2017-06-21 08:30 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2017-07-12 15:38 - 2017-06-21 08:10 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 15:38 - 2017-03-04 08:56 - 000263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-07-12 15:38 - 2017-03-04 08:21 - 001243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-07-12 15:38 - 2017-03-04 08:21 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-07-12 15:38 - 2017-03-04 08:20 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-07-12 15:38 - 2017-03-04 08:20 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-07-12 15:38 - 2017-03-04 08:19 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-07-12 15:38 - 2017-03-04 08:16 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-07-12 15:38 - 2017-03-04 08:02 - 002138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 15:38 - 2016-10-05 11:15 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-07-12 15:38 - 2016-09-15 18:58 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-07-12 15:38 - 2016-09-15 18:47 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2017-07-12 15:35 - 2017-07-06 06:29 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-07-12 15:35 - 2017-06-21 09:52 - 000088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2017-07-12 15:35 - 2017-06-21 09:40 - 000328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-07-12 15:35 - 2017-06-21 09:00 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-07-12 15:35 - 2017-06-21 09:00 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-07-12 15:35 - 2017-06-21 09:00 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-07-12 15:35 - 2017-06-21 09:00 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-07-12 15:35 - 2017-06-21 08:59 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-07-12 15:35 - 2017-06-21 08:59 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-07-12 15:35 - 2017-06-21 08:59 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-07-12 15:35 - 2017-06-21 08:58 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-07-12 15:35 - 2017-06-21 08:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-07-12 15:35 - 2017-06-21 08:56 - 001507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-07-12 15:35 - 2017-06-21 08:55 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 15:35 - 2017-06-21 08:54 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2017-07-12 15:35 - 2017-06-21 08:51 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-07-12 15:35 - 2017-06-21 08:49 - 002104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-07-12 15:35 - 2017-06-21 08:41 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-07-12 15:35 - 2017-06-21 08:38 - 002424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-07-12 15:35 - 2017-06-20 04:42 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-07-12 15:34 - 2017-07-07 09:44 - 000108896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 15:34 - 2017-07-07 09:37 - 000468320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 15:34 - 2017-07-07 09:32 - 000404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 15:34 - 2017-07-07 08:49 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 15:34 - 2017-07-07 08:48 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 15:34 - 2017-07-07 08:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 15:34 - 2017-07-07 08:46 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-07-12 15:34 - 2017-07-07 08:44 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 15:34 - 2017-07-07 08:44 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2017-07-12 15:34 - 2017-07-07 08:44 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 15:34 - 2017-07-07 08:44 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 15:34 - 2017-07-07 08:39 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 15:34 - 2017-07-07 08:35 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 15:34 - 2017-07-07 08:33 - 000576000 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2017-07-12 15:34 - 2017-07-07 08:29 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 15:34 - 2017-07-07 08:28 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 15:34 - 2017-07-07 08:24 - 005388800 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 15:34 - 2017-06-21 09:52 - 000774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-12 15:34 - 2017-06-21 09:38 - 001738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 15:34 - 2017-06-21 09:37 - 001157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-12 15:34 - 2017-06-21 09:33 - 000408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-07-12 15:34 - 2017-06-21 09:03 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-12 15:34 - 2017-06-21 09:02 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-07-12 15:34 - 2017-06-21 09:01 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-07-12 15:34 - 2017-06-21 09:01 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2017-07-12 15:34 - 2017-06-21 09:01 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2017-07-12 15:34 - 2017-06-21 09:01 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-12 15:34 - 2017-06-21 09:00 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-07-12 15:34 - 2017-06-21 09:00 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-07-12 15:34 - 2017-06-21 09:00 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvisioningHandlers.dll
2017-07-12 15:34 - 2017-06-21 09:00 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2017-07-12 15:34 - 2017-06-21 09:00 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 15:34 - 2017-06-21 08:59 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-07-12 15:34 - 2017-06-21 08:59 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2017-07-12 15:34 - 2017-06-21 08:59 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 15:34 - 2017-06-21 08:59 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-07-12 15:34 - 2017-06-21 08:58 - 000418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-07-12 15:34 - 2017-06-21 08:57 - 000418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-07-12 15:34 - 2017-06-21 08:57 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-07-12 15:34 - 2017-06-21 08:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-07-12 15:34 - 2017-06-21 08:56 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 15:34 - 2017-06-21 08:56 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-07-12 15:34 - 2017-06-21 08:56 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-07-12 15:34 - 2017-06-21 08:55 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-07-12 15:34 - 2017-06-21 08:55 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-12 15:34 - 2017-06-21 08:54 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 15:34 - 2017-06-21 08:54 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-07-12 15:34 - 2017-06-21 08:54 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2017-07-12 15:34 - 2017-06-21 08:53 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-07-12 15:34 - 2017-06-21 08:52 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-12 15:34 - 2017-06-21 08:52 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-07-12 15:34 - 2017-06-21 08:49 - 001913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-07-12 15:34 - 2017-06-21 08:49 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-07-12 15:34 - 2017-06-21 08:49 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-07-12 15:34 - 2017-06-21 08:49 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-07-12 15:34 - 2017-06-21 08:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-07-12 15:34 - 2017-06-21 08:47 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 15:34 - 2017-06-21 08:46 - 000627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-07-12 15:34 - 2017-06-21 08:43 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-07-12 15:34 - 2017-06-21 08:42 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-07-12 15:34 - 2017-06-21 08:42 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-07-12 15:34 - 2017-06-21 08:41 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-12 15:34 - 2017-06-21 08:41 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-12 15:34 - 2017-06-21 08:40 - 001891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-07-12 15:34 - 2017-06-21 08:40 - 000611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-07-12 15:34 - 2017-06-21 08:39 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-07-12 15:34 - 2017-06-21 08:39 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 15:34 - 2017-06-21 08:39 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 15:34 - 2017-06-21 08:39 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 15:34 - 2017-06-21 08:36 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 15:34 - 2017-06-21 08:36 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2017-07-12 15:34 - 2017-06-21 08:35 - 001369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-07-12 15:34 - 2017-06-21 08:34 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-07-12 15:34 - 2017-06-21 08:33 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-07-12 15:34 - 2017-06-21 08:33 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2017-07-12 15:34 - 2017-03-04 08:27 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 15:34 - 2017-03-04 08:26 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-07-12 15:34 - 2017-03-04 08:23 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-07-12 15:34 - 2017-03-04 08:23 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-07-12 15:34 - 2017-03-04 08:17 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-12 15:34 - 2017-03-04 08:14 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 15:34 - 2016-10-05 11:32 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-07-12 15:33 - 2017-07-07 08:48 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2017-07-12 15:33 - 2017-07-07 08:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-07-12 15:33 - 2017-07-07 08:45 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 15:33 - 2017-07-07 08:44 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 15:33 - 2017-07-07 08:43 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 15:33 - 2017-07-07 08:43 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 15:33 - 2017-07-07 08:42 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 15:33 - 2017-07-07 08:36 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 15:33 - 2017-07-07 08:28 - 002096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 15:33 - 2017-07-07 08:28 - 000759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 15:33 - 2017-07-07 08:25 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 15:33 - 2017-07-07 08:24 - 002217472 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 15:33 - 2017-07-07 08:24 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 15:33 - 2017-06-21 09:54 - 000603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-07-12 15:33 - 2017-06-21 09:53 - 000794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-12 15:33 - 2017-06-21 09:51 - 000434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-07-12 15:33 - 2017-06-21 09:50 - 000126304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-07-12 15:33 - 2017-06-21 09:48 - 002681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 15:33 - 2017-06-21 09:40 - 001069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 15:33 - 2017-06-21 09:40 - 000224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-07-12 15:33 - 2017-06-21 09:38 - 007220192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 15:33 - 2017-06-21 09:37 - 001369240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 15:33 - 2017-06-21 09:35 - 002915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-12 15:33 - 2017-06-21 09:35 - 001267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-07-12 15:33 - 2017-06-21 09:31 - 001277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 15:33 - 2017-06-21 09:31 - 000160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 15:33 - 2017-06-21 09:04 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 15:33 - 2017-06-21 09:03 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-07-12 15:33 - 2017-06-21 09:02 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-12 15:33 - 2017-06-21 09:01 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-07-12 15:33 - 2017-06-21 09:00 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-07-12 15:33 - 2017-06-21 08:59 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-07-12 15:33 - 2017-06-21 08:59 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2017-07-12 15:33 - 2017-06-21 08:58 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 15:33 - 2017-06-21 08:58 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-07-12 15:33 - 2017-06-21 08:58 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-07-12 15:33 - 2017-06-21 08:57 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-07-12 15:33 - 2017-06-21 08:57 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-07-12 15:33 - 2017-06-21 08:57 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-07-12 15:33 - 2017-06-21 08:57 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-07-12 15:33 - 2017-06-21 08:56 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-07-12 15:33 - 2017-06-21 08:56 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-07-12 15:33 - 2017-06-21 08:56 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-07-12 15:33 - 2017-06-21 08:55 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 15:33 - 2017-06-21 08:54 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-07-12 15:33 - 2017-06-21 08:54 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-07-12 15:33 - 2017-06-21 08:54 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 15:33 - 2017-06-21 08:54 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-07-12 15:33 - 2017-06-21 08:54 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-07-12 15:33 - 2017-06-21 08:53 - 000437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-07-12 15:33 - 2017-06-21 08:53 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 15:33 - 2017-06-21 08:52 - 017198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 15:33 - 2017-06-21 08:52 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-07-12 15:33 - 2017-06-21 08:49 - 003778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 15:33 - 2017-06-21 08:49 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-07-12 15:33 - 2017-06-21 08:48 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-07-12 15:33 - 2017-06-21 08:47 - 007655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 15:33 - 2017-06-21 08:47 - 001105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-07-12 15:33 - 2017-06-21 08:47 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-07-12 15:33 - 2017-06-21 08:46 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFSv1.dll
2017-07-12 15:33 - 2017-06-21 08:46 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-07-12 15:33 - 2017-06-21 08:43 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-07-12 15:33 - 2017-06-21 08:43 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-07-12 15:33 - 2017-06-21 08:42 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-07-12 15:33 - 2017-06-21 08:42 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-07-12 15:33 - 2017-06-21 08:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-07-12 15:33 - 2017-06-21 08:41 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-12 15:33 - 2017-06-21 08:40 - 004474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 15:33 - 2017-06-21 08:40 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-07-12 15:33 - 2017-06-21 08:40 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 15:33 - 2017-06-21 08:40 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-07-12 15:33 - 2017-06-21 08:38 - 005611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 15:33 - 2017-06-21 08:38 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 15:33 - 2017-06-21 08:38 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-07-12 15:33 - 2017-06-21 08:36 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-07-12 15:33 - 2017-03-04 08:28 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-07-12 15:33 - 2017-03-04 08:15 - 001078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-07-12 15:33 - 2016-10-15 05:45 - 001790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-07-12 15:32 - 2017-07-07 08:28 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 15:32 - 2017-06-21 09:47 - 000764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 15:32 - 2017-06-21 09:36 - 000129888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2017-07-12 15:32 - 2017-06-21 08:57 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2017-07-12 15:32 - 2017-06-21 08:56 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-07-12 15:32 - 2017-06-21 08:53 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-07-12 15:32 - 2017-06-21 08:52 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-07-12 15:32 - 2017-06-21 08:52 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 15:32 - 2017-06-21 08:51 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-12 15:32 - 2017-06-21 08:50 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-07-12 15:32 - 2017-06-21 08:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-07-12 15:32 - 2017-06-21 08:41 - 001021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-07-11 08:54 - 2017-08-10 20:24 - 000000000 ___HD C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 21:21 - 2016-03-30 12:57 - 002195058 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-10 21:16 - 2016-04-24 15:27 - 000000000 ___RD C:\Users\GG\Creative Cloud Files
2017-08-10 21:16 - 2016-03-30 13:42 - 000000000 ____D C:\Users\GG\AppData\Local\Adobe
2017-08-10 21:15 - 2016-11-25 04:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-10 21:15 - 2016-11-25 04:42 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-10 21:15 - 2016-07-16 08:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-08-10 20:26 - 2016-11-25 13:41 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-10 20:01 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-10 19:49 - 2016-07-16 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-09 22:41 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-09 22:41 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-09 22:39 - 2016-11-25 04:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 22:39 - 2016-03-30 13:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-09 22:38 - 2016-11-25 04:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-08 23:22 - 2016-11-25 04:43 - 000000000 ____D C:\Users\GG
2017-08-08 22:31 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-08 22:28 - 2016-11-25 04:41 - 004882496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-08 22:28 - 2016-02-13 15:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-08 22:27 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-08 22:25 - 2016-08-15 17:06 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-08 22:20 - 2016-07-16 13:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-08 22:06 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Local\Packages
2017-08-08 21:53 - 2016-03-30 15:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 07:43 - 2017-03-19 19:32 - 000000000 ____D C:\WINDOWS\pss
2017-08-07 22:30 - 2016-04-23 15:12 - 000000000 ____D C:\Program Files (x86)\Belarc
2017-08-07 20:26 - 2016-11-25 04:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-07 14:04 - 2016-03-30 17:19 - 000000000 ____D C:\LR_Catalog
2017-08-07 08:50 - 2016-03-30 13:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-06 19:55 - 2017-04-10 21:11 - 000000000 ____D C:\Users\GG\AppData\Local\CrashDumps
2017-08-06 19:47 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-06 13:58 - 2016-04-20 15:17 - 000000000 ____D C:\ProgramData\d281325b
2017-08-04 16:54 - 2016-11-25 04:45 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-04 16:54 - 2016-11-25 04:45 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-04 13:33 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Roaming\Adobe
2017-08-04 13:13 - 2016-05-16 14:02 - 000000000 ____D C:\Users\GG\Documents\Adobe
2017-08-04 13:13 - 2016-03-30 15:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-04 13:13 - 2016-03-30 13:43 - 000000000 ____D C:\ProgramData\Adobe
2017-08-04 13:11 - 2016-07-17 13:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-04 13:09 - 2016-03-30 15:51 - 000000000 ____D C:\Program Files\Adobe
2017-08-04 13:08 - 2016-03-30 13:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-04 13:07 - 2016-03-30 13:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-31 17:14 - 2016-07-16 13:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 17:14 - 2016-07-16 13:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-30 09:27 - 2017-07-09 22:14 - 000000000 ____D C:\ProgramData\37934827-6357-1
2017-07-30 09:27 - 2017-07-09 22:14 - 000000000 ____D C:\ProgramData\37934827-2327-0
2017-07-30 09:27 - 2017-06-06 18:32 - 000000000 ____D C:\ProgramData\{5dcc461f-112c-1}
2017-07-30 09:27 - 2017-06-06 18:32 - 000000000 ____D C:\ProgramData\{4add5ae6-012c-0}
2017-07-27 11:54 - 2016-03-30 13:07 - 000002400 _____ C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 11:54 - 2016-03-30 13:07 - 000000000 ___RD C:\Users\GG\OneDrive
2017-07-19 18:40 - 2016-10-28 19:45 - 000000000 ___RD C:\Users\GG\Documents\Scanned Documents
2017-07-12 16:36 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 15:45 - 2016-03-30 15:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 19:11 - 2016-07-16 13:43 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll

==================== Files in the root of some directories =======

2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ () C:\Users\GG\AppData\Local\installer.dat
2017-08-04 16:55 - 2017-08-04 17:19 - 001847296 _____ () C:\Users\GG\AppData\Local\po.db
2016-11-25 04:42 - 2016-11-25 04:42 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-08-08 22:28 - 2017-08-10 21:15 - 000080384 _____ () C:\ProgramData\Theobald.dll

Files to move or delete:
====================
C:\ProgramData\Theobald.dll
C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll


Some files in TEMP:
====================
2017-07-31 17:40 - 2017-07-31 17:40 - 000580896 _____ (IT Genius) C:\Users\GG\AppData\Local\Temp\osJmZgxt-prog.exe
2017-07-31 17:40 - 2017-07-31 17:40 - 000141384 _____ () C:\Users\GG\AppData\Local\Temp\osJmZgxt-upd.exe
2017-08-04 16:57 - 2017-08-04 16:57 - 000053248 _____ (hxxp://www.beyondlogic.org) C:\Users\GG\AppData\Local\Temp\Process.exe
2017-08-04 16:54 - 2017-08-04 16:54 - 000701952 _____ (SQLite Development Team) C:\Users\GG\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-04 11:12

=== End of FRST.txt ====
         


10.08.2017, 21:40   #3
achkomm
 



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by GG (10-08-2017 21:28:47)
Running from C:\Users\GG\Downloads
Windows 10 Home Version 1607 (X64) (2016-11-25 02:46:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2853533079-476395649-1961076433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2853533079-476395649-1961076433-503 - Limited - Disabled)
GG (S-1-5-21-2853533079-476395649-1961076433-1001 - Administrator - Enabled) => C:\Users\GG
Guest (S-1-5-21-2853533079-476395649-1961076433-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2853533079-476395649-1961076433-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Affinity Photo (HKLM\...\{79AC0024-AED9-464B-9655-26316A44E6A6}) (Version: 1.5.2.69 - Serif (Europe) Ltd)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
EaseUS Partition Master 11.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
LibreOffice 5.1 Help Pack (German) (HKLM-x32\...\{AA038A6D-9F0A-4793-90B7-39E5F4D4CE94}) (Version: 5.1.1.3 - The Document Foundation)
LibreOffice 5.1.1.3 (HKLM\...\{407B69E0-F7D7-45E2-AC19-96134B0294A2}) (Version: 5.1.1.3 - The Document Foundation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
PTGui Pro Trial 10.0.16 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F84598392DFD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0325B509-3FAB-45EA-9383-4086B25A673F} - System32\Tasks\AdobeAAMUpdater-1.0-GG-PCTWO-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0CB248E5-05A1-48D5-8728-AD2008EB31FC} - System32\Tasks\sPMnlSwMYj => C:\Program Files (x86)\Hi9pmMqf2p\updengine.exe
Task: {0F0EB497-BDCC-4115-8179-ADE1B2262017} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-KG096UT-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0F6AF9B7-B4AB-43B4-A7DF-9DA5291B74AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {105523A4-C7D8-468D-8368-CA71DDC59922} - System32\Tasks\wGKWRwkYfr => C:\Program Files (x86)\HspAH1uXPV\updengine.exe [2017-08-04] ()
Task: {1388A692-C347-4697-BAB2-328A9367520F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {1F34D566-508C-4CE7-9300-07D90B80A545} - System32\Tasks\{0F0D1874-2E79-5C9A-2648-933740382A64} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d281325b\d600163a.dll" <==== ATTENTION
Task: {28E47642-F435-4B62-937D-988FDD2BB2EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {42584CB9-FB6A-4650-8C6F-700BF4AF88D6} - System32\Tasks\mhCP0LG665 => C:\Program Files (x86)\rtP8yE38Gn\updengine.exe
Task: {5D772E1E-5085-47A0-8BD4-9332FD622FC3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6214DAD8-7A4F-43B6-B0D4-52855D04F0B4} - System32\Tasks\{3944D9F1-8EEF-6E5A-15D9-143B3B89FDBB} => C:\ProgramData\{939F8DB5-2434-3A1E-3365-243100ED3F8C}\485C66CD-FFF7-D166-EA5F-68A1DEC0841C.exe <==== ATTENTION
Task: {6D767EC6-CE7F-4C95-BA31-43AF8EA40557} - System32\Tasks\P4HIy6gTTM => C:\Program Files (x86)\JHbkeurapg\updengine.exe [2017-08-07] ()
Task: {6EC57399-FF8F-42F9-909E-7D8ACB7A2EBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {83DB7348-F746-4A13-95A8-B203DD10C4D6} - System32\Tasks\{6FF8E6AA-D853-5101-AD2C-64208150D3CD} => C:\ProgramData\{301511B8-87BE-A613-F4FE-43A46CD7F821}\A005E98E-17AE-5E25-A879-2566F3D8FFCB.exe <==== ATTENTION
Task: {84717932-B793-44CB-8E75-05E6F0D09471} - System32\Tasks\83547c80c21b7f10a947b7d5d370d5d8 => sc start 83547c80c21b7f10a947b7d5d370d5d8 <==== ATTENTION
Task: {8A2FE4AC-4C39-47B1-A2DB-7223587CA090} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {8A424501-12C7-48B5-A611-DDE518E9FB1B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\GG\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9922FDC5-1C36-4F6D-AEED-5948153802C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {ACEDDE31-C5A7-4F8F-A20D-0C3B094101F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {B774F6C4-886B-459A-A400-1998C245CA2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {C99998D9-5347-4FC7-8CD3-EBD72B3D2221} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F68BFFA6-3E5D-438A-83B0-94A2EEE56C93} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Aktualisiere Anti-Beacon-Immunisierung => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {FBD29F96-88B6-4E49-B0F5-F0B18DC9CC3A} - System32\Tasks\ApplicationCompatibilitySupport => C:\Program Files (x86)\nodejs\node.exe [2017-05-02] (Node.js)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 15:33 - 2017-06-21 09:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-25 04:42 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-31 11:47 - 2017-07-26 21:27 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2017-08-04 17:18 - 2017-08-04 17:18 - 000110080 _____ () C:\Users\GG\AppData\Local\Temp\98-5a966-022-712a1-0b43c7b337665\VMYKNJYZIJ.exe
2017-08-08 22:28 - 2017-08-10 21:15 - 000080384 _____ () C:\ProgramData\Theobald.dll
2016-11-25 04:42 - 2016-12-29 14:44 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2016-11-25 13:39 - 2016-11-25 13:39 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-19 14:45 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-19 14:45 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-19 14:45 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-19 14:45 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-08 22:16 - 2017-08-01 20:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-08 22:16 - 2017-08-01 20:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-22 17:37 - 2016-06-03 12:15 - 000278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-07-18 00:50 - 2017-07-18 00:50 - 034757200 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2016-08-24 16:12 - 2012-01-20 14:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2017-07-18 18:16 - 2017-07-18 18:16 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 18:16 - 2017-07-18 18:16 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 18:16 - 2017-07-18 18:16 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 18:16 - 2017-07-18 18:16 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2016-11-25 04:42 - 2017-08-10 21:15 - 000028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-11-25 04:42 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-08-07 21:58 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-22 17:37 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2017-07-13 09:50 - 2017-07-13 09:50 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-08-09 09:19 - 2017-08-09 09:19 - 001708544 _____ () C:\Program Files (x86)\wVxJtjMPpF\kl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> 1001 Namen
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema Sexlinks.
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> Dangers related to Porn sites | Porn related viruses
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> 123Movies Best Movies
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> WebMD - Better information. Better health.

There are 7936 more sites.

IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1001namen.com -> 1001 Namen
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\100sexlinks.com -> 100sexlinks.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema Sexlinks.
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123fporn.info -> Dangers related to Porn sites | Porn related viruses
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123moviedownload.com -> 123Movies Best Movies
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123simsen.com -> WebMD - Better information. Better health.

There are 7936 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-08-08 22:25 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "ZWVZGOYXKY.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7CC31B56-B0B5-43EF-8C17-57A2117062E2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{4D38C258-E43B-43FD-B64F-07D78E03789D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{FD0C7F03-4A48-4C14-9E17-591463B4145E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{877CE723-625E-4EE1-9320-1E8E41F66EF1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-03-2017 15:23:51 Windows Update
06-08-2017 14:24:27 060817
06-08-2017 19:00:05 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/10/2017 08:24:13 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanHelper.exe".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanHelper.exe" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (08/10/2017 09:15:37 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/10/2017 09:15:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel Security True Key service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Recover service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel Security True Key Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1147495273 milliseconds: Restart the service.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/10/2017 09:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-08-07 20:53:39.461
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:53:39.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:47:28.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:47:28.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:41:33.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:41:33.642
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-07 20:39:59.315
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 17:53:36.347
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 17:53:36.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 17:53:36.344
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 15%
Total physical RAM: 16319.17 MB
Available physical RAM: 13716.91 MB
Total Virtual: 18751.17 MB
Available Virtual: 16166.57 MB

==================== Drives ================================

Drive c: (Win_10) (Fixed) (Total:95.55 GB) (Free:17.02 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:482.2 GB) NTFS
Drive h: (Working) (Fixed) (Total:620.12 GB) (Free:302.25 GB) NTFS
Drive i: (Photo) (Fixed) (Total:621.4 GB) (Free:255.72 GB) NTFS
Drive j: (Personal) (Fixed) (Total:621.5 GB) (Free:288.61 GB) NTFS
Drive s: (Win_8.1) (Fixed) (Total:125.96 GB) (Free:52.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C47C77E2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 26DEC96F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 360532BB)
Partition 1: (Not Active) - (Size=620.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=621.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=621.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

19.08.2017, 16:16   #4
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.

To make the cleanup as effective and quick as possible, please observe the following notes:
  1. If we find indications of illegally acquired software, we will suspend support until all illegal software of any kind has been removed from the computer.

  2. Always read my instructions carefully, work through all steps one after another in the given order, and always post all log files (even if nothing was found). If you run into problems, stop working and describe your problem to me as well as you can.

  3. If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!

  4. During the cleanup, please do not install or uninstall anything unless I ask you to!
    In addition, I ask you not to run any security programs on your own initiative to check/clean your computer, because that way I can easily lose track.
    Besides, in that case you might as well have saved yourself the trouble of opening a thread if you then go back to tinkering on your own.

  5. Please note: Download from filepony.de: how to download our tools correctly!

  6. All programs to be used must be saved to the desktop ( C:\users\your user name\Desktop\ ) and started from there as administrator!

  7. Some of the programs we use here may, under certain circumstances, be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup procedures are not impaired.

  8. If the log files ever exceed the permitted length (~ 120,000 characters), split the log files across several posts.
    If need be, you can also zip the log files (pack them into a .zip archive) and upload them as an attachment.

  9. Please keep working with me until I tell you that we are finished and your computer is "clean". The early disappearance of symptoms does not automatically mean that your computer is already completely clean.

  10. As a rule, I reply to you within 24 hours, often much faster.
    However, I too have a regular job and a family. So I am not on the forum for hours every day. Under some circumstances it can take up to 2 days until you receive an answer from me. If that time has been exceeded, you are welcome to send me a PM as a reminder.

Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

Is there a reason why you are using the beta 7.020 of AdwCleaner?

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the input window of the web page)

Step 2
Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

With your next reply, please post
  • the TDSS-Killer log file,
  • the two new FRST log files.

Last edited by M-K-D-B (19.08.2017 at 16:26)

20.08.2017, 22:39   #5
achkomm
 
Hello Matthias,

Thanks in advance. Unfortunately I have to split the answer:

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by GG (administrator) on GG-PCTWO (20-08-2017 20:44:06)
Running from C:\Users\GG\Desktop
Loaded Profiles: GG (Available Profiles: GG)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe [2090176 2016-07-19] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe [1246400 2016-07-19] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131465145127659668&GUID=3CCE55A8-B89D-4438-8D89-106DA1A9D67C
SearchScopes: HKU\S-1-5-21-2853533079-476395649-1961076433-1001 -> {1AE15FDF-6AE1-443D-9220-FC3D9A69E437} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H84zltpbl1AU,c7168d88-ee53-4862-8d5a-de78ebd8dd81,
SearchScopes: HKU\S-1-5-21-2853533079-476395649-1961076433-1001 -> {EF6977DC-91E3-4AC5-8C69-44A94C563195} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H84zamobl20544BU,f140aea4-b201-4a1d-b944-259594d47791,
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{5395B3D5-7090-4E62-883A-139F3241FCE5}\{F4A1A2F2-91CC-4891-860B-4B06B9B96355}.bin [2017-08-17] ( )
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{E28EF6B8-FBF6-40A7-A8C5-744D7796EDBC}\{949B04A8-2062-4BCB-A491-EE01E8D89218}.bin [2017-08-17] ( )
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\GG\AppData\Roaming\Mozilla\Firefox\Profiles\ksqtqnkk.default-1502026602991 [2017-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{5C85840A-F721-4010-B362-F96F33B4B754}] - C:\WINDOWS\Installer\{599D9CF4-E0D8-4B8F-A3D8-6F1274D5C508}\{5C85840A-F721-4010-B362-F96F33B4B754}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{0F698605-A333-48C2-9F2E-A57EF2E1BEF4}] - C:\WINDOWS\Installer\{BB51EB53-4BA3-41FA-A4ED-0271C9AE6A4F}\{0F698605-A333-48C2-9F2E-A57EF2E1BEF4}.xpi
FF Extension: ( ) - C:\WINDOWS\Installer\{BB51EB53-4BA3-41FA-A4ED-0271C9AE6A4F}\{0F698605-A333-48C2-9F2E-A57EF2E1BEF4}.xpi [2017-08-17]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-26] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default [2017-08-17]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Tampermonkey) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: ( ) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogofdjdechjgkbiiigeabnpepmjhbbfb [2017-08-17]
CHR Extension: (No Name) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-16]
CHR HKU\S-1-5-21-2853533079-476395649-1961076433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2017-07-26] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [23032 2016-07-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [19960 2016-07-14] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 Lace514; C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys [71960 2017-08-09] (Driver Lace514)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-08-19] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-08-07] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 20:44 - 2017-08-20 20:44 - 000017309 _____ C:\Users\GG\Desktop\FRST.txt
2017-08-20 20:40 - 2017-08-20 20:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\GG\Desktop\tdsskiller.exe
2017-08-20 20:39 - 2017-08-20 20:40 - 002395648 _____ (Farbar) C:\Users\GG\Desktop\FRST64.exe
2017-08-19 18:22 - 2017-08-19 18:22 - 257338777 _____ C:\Users\GG\Documents\170521_253-2Aa.afphoto
2017-08-19 14:13 - 2017-08-19 14:13 - 000195644 _____ C:\WINDOWS\ntbtlog.txt
2017-08-17 23:30 - 2017-08-17 23:30 - 000000000 ____D C:\Windows.old
2017-08-17 23:29 - 2017-08-17 23:29 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-17 23:29 - 2017-08-17 23:29 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-17 23:27 - 2017-08-17 23:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-17 23:27 - 2017-08-17 13:31 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-17 23:27 - 2017-03-18 08:00 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2017-08-17 23:27 - 2017-03-18 07:58 - 011602432 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2017-08-17 23:27 - 2017-03-18 07:47 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2017-08-17 23:27 - 2017-03-18 07:44 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2017-08-17 23:27 - 2017-03-18 07:34 - 001993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files\MSBuild
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-17 23:26 - 2017-02-10 21:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-17 23:26 - 2017-02-10 21:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-17 17:33 - 2017-08-17 17:33 - 000417090 _____ C:\Users\GG\Downloads\Affinity Photo Manual.pdf.html
2017-08-17 17:33 - 2017-08-17 17:33 - 000000000 ____D C:\Users\GG\Downloads\Affinity Photo Manual.pdf_files
2017-08-17 16:41 - 2017-08-17 16:41 - 262839649 _____ C:\Users\GG\Documents\170521_253-2A.afphoto
2017-08-17 13:41 - 2017-08-20 20:39 - 000964502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-17 13:39 - 2017-08-17 13:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-17 13:38 - 2017-08-17 13:38 - 000000020 ___SH C:\Users\GG\ntuser.ini
2017-08-17 13:38 - 2017-08-17 13:38 - 000000000 ____D C:\ProgramData\USOShared
2017-08-17 13:36 - 2017-08-20 20:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 13:36 - 2017-08-17 13:39 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2853533079-476395649-1961076433-1001
2017-08-17 13:36 - 2017-08-17 13:37 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-08-17 13:36 - 2017-08-17 13:37 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-08-17 13:36 - 2017-08-17 13:36 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-17 13:36 - 2017-08-17 13:36 - 000003604 _____ C:\WINDOWS\System32\Tasks\ApplicationCompatibilitySupport
2017-08-17 13:36 - 2017-08-17 13:36 - 000003592 _____ C:\WINDOWS\System32\Tasks\{6FF8E6AA-D853-5101-AD2C-64208150D3CD}
2017-08-17 13:36 - 2017-08-17 13:36 - 000003592 _____ C:\WINDOWS\System32\Tasks\{3944D9F1-8EEF-6E5A-15D9-143B3B89FDBB}
2017-08-17 13:36 - 2017-08-17 13:36 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-17 13:36 - 2017-08-17 13:36 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-17 13:36 - 2017-08-17 13:36 - 000003082 _____ C:\WINDOWS\System32\Tasks\{0F0D1874-2E79-5C9A-2648-933740382A64}
2017-08-17 13:36 - 2017-08-17 13:36 - 000002766 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-KG096UT-GG
2017-08-17 13:36 - 2017-08-17 13:36 - 000002752 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-GG-PCTWO-GG
2017-08-17 13:36 - 2017-08-17 13:36 - 000002272 _____ C:\WINDOWS\System32\Tasks\83547c80c21b7f10a947b7d5d370d5d8
2017-08-17 13:36 - 2017-08-17 13:36 - 000002184 _____ C:\WINDOWS\System32\Tasks\wGKWRwkYfr
2017-08-17 13:36 - 2017-08-17 13:36 - 000002184 _____ C:\WINDOWS\System32\Tasks\sPMnlSwMYj
2017-08-17 13:36 - 2017-08-17 13:36 - 000002184 _____ C:\WINDOWS\System32\Tasks\P4HIy6gTTM
2017-08-17 13:36 - 2017-08-17 13:36 - 000002184 _____ C:\WINDOWS\System32\Tasks\mhCP0LG665
2017-08-17 13:36 - 2017-08-17 13:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-17 13:34 - 2017-08-17 13:34 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-17 13:34 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-17 13:33 - 2017-08-17 13:34 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-17 13:32 - 2017-08-20 20:33 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-17 13:32 - 2017-08-17 17:37 - 000000000 ____D C:\Users\GG
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files\Realtek
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files\ASUS
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-08-17 13:32 - 2017-05-01 22:52 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 13:32 - 2017-05-01 22:51 - 006437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 002479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-17 13:32 - 2017-04-25 23:11 - 007944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-17 13:32 - 2013-07-04 03:32 - 000028672 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\AsIO.dll
2017-08-17 13:32 - 2013-07-04 03:32 - 000015232 _____ C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
2017-08-17 13:31 - 2017-08-19 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 13:31 - 2017-08-17 15:10 - 004920248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-17 11:51 - 2017-08-17 13:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-17 11:51 - 2017-08-17 11:51 - 000005120 _____ C:\WINDOWS\SysWOW64\shaccuprofile.dll
2017-08-17 11:51 - 2017-08-17 11:51 - 000000000 ____D C:\Program Files\{5395B3D5-7090-4E62-883A-139F3241FCE5}
2017-08-17 11:51 - 2017-08-17 11:51 - 000000000 ____D C:\Program Files (x86)\{E28EF6B8-FBF6-40A7-A8C5-744D7796EDBC}
2017-08-10 21:16 - 2017-08-10 21:17 - 000000002 _____ C:\END
2017-08-10 21:16 - 2017-08-10 21:17 - 000000000 ____D C:\Program Files (x86)\wVxJtjMPpF
2017-08-10 21:03 - 2017-08-20 20:44 - 000000000 ____D C:\FRST
2017-08-10 21:03 - 2017-08-10 21:29 - 000120096 _____ C:\Users\GG\Downloads\FRST.txt
2017-08-10 21:03 - 2017-08-10 21:29 - 000052448 _____ C:\Users\GG\Downloads\Addition.txt
2017-08-10 21:00 - 2017-08-10 21:01 - 002381824 _____ (Farbar) C:\Users\GG\Downloads\FRST64.exe
2017-08-10 20:44 - 2017-08-10 20:44 - 000000000 ____D C:\Users\GG\Documents\ProcAlyzer Dumps
2017-08-10 19:59 - 2017-08-17 13:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-09 10:39 - 2017-08-09 10:39 - 000000000 ____D C:\Users\GG\AppData\Local\UNP
2017-08-09 09:19 - 2017-08-09 09:19 - 000071960 _____ (Driver Lace514) C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
2017-08-08 22:29 - 2017-08-08 22:30 - 000000000 ____D C:\Program Files (x86)\wJL0eUrrEW
2017-08-08 21:53 - 2017-08-08 21:53 - 046661328 _____ (Microsoft Corporation) C:\Users\GG\Downloads\Windows-KB890830-x64-V5.51.exe
2017-08-08 07:42 - 2017-08-20 20:33 - 000000000 ____D C:\Program Files (x86)\JHbkeurapg
2017-08-08 07:42 - 2017-08-08 07:42 - 000000000 ____D C:\Program Files (x86)\yKa66VapWj
2017-08-07 21:58 - 2017-08-17 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-08-07 21:58 - 2017-08-07 21:58 - 000001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-08-07 21:58 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-08-07 21:51 - 2017-08-07 21:51 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-07 21:50 - 2017-08-07 21:50 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\GG\Downloads\spybotsd-2.6.46.exe
2017-08-07 20:58 - 2017-08-07 20:35 - 000003641 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170807-205841.backup
2017-08-07 20:36 - 2017-08-07 20:36 - 000000000 ____D C:\Users\GG\AppData\Local\TeamViewer
2017-08-07 20:26 - 2017-08-10 20:34 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-07 20:26 - 2017-08-07 21:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-07 20:04 - 2017-08-07 20:04 - 008187336 _____ (Malwarebytes) C:\Users\GG\Downloads\adwcleaner_7.0.2.0.exe
2017-08-07 20:03 - 2017-08-10 21:16 - 000000000 ____D C:\AdwCleaner
2017-08-07 19:46 - 2017-08-17 12:12 - 000001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-08-07 19:46 - 2017-08-17 12:12 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-07 19:46 - 2017-08-07 19:46 - 000000000 ____D C:\Users\GG\AppData\Roaming\TeamViewer
2017-08-07 17:46 - 2017-08-07 17:46 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignec8edacaaf7afdad
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign8891875038f8a32f
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b11681c4a60edb0
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign69fd61021851fce5
2017-08-07 08:50 - 2017-08-20 20:37 - 000000000 ____D C:\Users\GG\AppData\LocalLow\Mozilla
2017-08-07 08:50 - 2017-08-07 08:50 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-07 08:50 - 2017-08-07 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-06 15:36 - 2017-08-06 15:36 - 000000000 ____D C:\Users\GG\Desktop\Alte Firefox-Daten
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignffc8106fe45c14ec
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigneac3af40a099be1d
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign43c860051ba10bea
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0d1143b922f1ec0d
2017-08-06 13:42 - 2017-08-07 09:15 - 000176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-06 13:41 - 2017-08-19 14:38 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-06 13:41 - 2017-08-17 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-06 13:41 - 2017-08-07 20:30 - 000102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-06 13:41 - 2017-08-07 20:30 - 000043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-06 13:41 - 2017-08-07 13:51 - 000091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-06 13:41 - 2017-08-06 13:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-06 13:41 - 2017-08-06 13:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-06 13:41 - 2016-12-14 12:55 - 000077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-05 18:38 - 2017-08-19 14:13 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-05 18:14 - 2017-08-05 18:14 - 802142785 _____ C:\WINDOWS\MEMORY.DMP
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigne56e146512804e25
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b298700b0c3bc0a
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign555c3783d6236ee0
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign2eb65cc641d79d4e
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\Users\GG\AppData\Roaming\Nico Mak Computing
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\ProgramData\Nico Mak Computing
2017-08-04 19:02 - 2017-08-04 19:02 - 004810056 _____ (WinZip International LLC ) C:\Users\GG\Downloads\wzmp_8.exe
2017-08-04 17:19 - 2017-08-20 20:33 - 000000000 ____D C:\Program Files (x86)\HspAH1uXPV
2017-08-04 16:56 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\4650b11a-21b3-1
2017-08-04 16:56 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\4650b11a-0523-0
2017-08-04 16:55 - 2017-08-04 17:19 - 001847296 _____ C:\Users\GG\AppData\Local\po.db
2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ C:\Users\GG\AppData\Local\installer.dat
2017-08-04 16:54 - 2017-08-04 16:55 - 000000000 ____D C:\Users\GG\AppData\Local\AdService
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Users\GG\AppData\Roaming\npm
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Program Files\83547c80c21b7f10a947b7d5d370d5d8
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Program Files (x86)\nodejs
2017-08-04 13:29 - 2017-08-04 13:29 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign1c8170e6b3c2a7f7
2017-08-04 13:27 - 2017-08-04 13:27 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignf0538a766c6f9658
2017-08-04 13:13 - 2017-08-04 13:13 - 000001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6a5926c7ed3bec82
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign25d2bfdc63137eaf
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0259c4768961027e
2017-08-04 13:07 - 2017-08-04 13:07 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-08-04 13:00 - 2017-08-04 13:00 - 002273168 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\InDesign_Set-Up.exe
2017-08-04 12:58 - 2017-08-04 12:58 - 002282752 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-08-04 12:56 - 2017-08-04 12:57 - 002206096 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Illustrator_Set-Up.exe
2017-08-04 12:55 - 2017-08-04 13:04 - 002205088 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Photoshop_Set-Up.exe
2017-08-04 12:40 - 2017-08-04 12:40 - 000008578 _____ C:\Users\GG\Documents\Untitled 1.odt
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{648b176a-012c-0}
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{54db666c-712c-0}
2017-08-04 11:00 - 2017-08-08 22:25 - 000000000 ____D C:\ProgramData\{35482245-312c-1}
2017-08-03 17:37 - 2017-08-03 17:37 - 000104512 _____ (BYB5Z8) C:\WINDOWS\system32\Drivers\57f5cdbcab39c45db79c29259dee8f89.sys
2017-08-03 17:37 - 2017-08-03 17:37 - 000051623 _____ C:\WINDOWS\uninstaller.dat
2017-08-02 16:23 - 2017-08-02 16:23 - 000849920 ____H () C:\WINDOWS\system32\BITD55.tmp.VIRUS
2017-08-02 16:23 - 2017-08-02 16:23 - 000849920 ____H () C:\WINDOWS\system32\BIT1BFC.tmp.VIRUS
2017-07-30 09:27 - 2017-08-06 13:57 - 000000000 ____D C:\ProgramData\{939F8DB5-2434-3A1E-3365-243100ED3F8C}
2017-07-30 09:27 - 2017-08-06 13:57 - 000000000 ____D C:\ProgramData\{301511B8-87BE-A613-F4FE-43A46CD7F821}
2017-07-30 09:27 - 2017-08-04 11:00 - 000000000 ____D C:\ProgramData\{7945465c-312c-0}
2017-07-30 09:27 - 2017-08-04 11:00 - 000000000 ____D C:\ProgramData\{624b4d5c-312c-1}
2017-07-30 09:27 - 2017-07-30 09:27 - 000000000 ____D C:\ProgramData\{ADD901B0-1A72-B61B-74D5-FE1618B2B1DA}
2017-07-30 09:27 - 2017-07-30 09:27 - 000000000 ____D C:\ProgramData\{5430E66D-E39B-51C6-6D8B-94EBCFF83765}
2017-07-27 18:21 - 2017-07-27 18:21 - 000000000 ____D C:\Users\GG\AppData\Roaming\Piccure+
2017-07-26 14:06 - 2017-07-26 20:47 - 047537848 _____ (Photodex Corporation) C:\Users\GG\Downloads\psgold_80_3648 (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 20:33 - 2016-04-24 15:27 - 000000000 ___RD C:\Users\GG\Creative Cloud Files
2017-08-20 20:33 - 2016-03-30 13:42 - 000000000 ____D C:\Users\GG\AppData\Local\Adobe
2017-08-20 19:58 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-20 19:58 - 2016-03-30 17:19 - 000000000 ____D C:\LR_Catalog
2017-08-20 19:30 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-20 19:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-20 19:25 - 2016-11-25 05:08 - 000000000 ____D C:\Users\GG\AppData\Local\ConnectedDevicesPlatform
2017-08-19 23:47 - 2017-05-28 20:50 - 000000000 ____D C:\Users\GG\AppData\Roaming\vlc
2017-08-19 21:03 - 2017-05-28 20:51 - 000000000 ____D C:\Users\GG\AppData\Roaming\dvdcss
2017-08-19 14:53 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-19 14:03 - 2016-03-30 13:23 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-19 14:02 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-17 23:31 - 2017-03-18 23:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-17 23:30 - 2017-03-18 23:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-17 23:27 - 2017-03-19 04:30 - 000000000 ____D C:\WINDOWS\OCR
2017-08-17 17:10 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-17 14:10 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Local\Packages
2017-08-17 13:39 - 2016-03-30 13:07 - 000002400 _____ C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-17 13:39 - 2016-03-30 13:07 - 000000000 ___RD C:\Users\GG\OneDrive
2017-08-17 13:38 - 2017-03-18 23:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-17 13:38 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-17 13:38 - 2016-08-15 17:06 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-17 13:38 - 2016-02-13 15:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-17 13:37 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-17 13:37 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-17 13:36 - 2017-03-19 04:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-17 13:36 - 2017-03-18 23:03 - 000000000 __RSD C:\WINDOWS\Media
2017-08-17 13:36 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-17 13:36 - 2016-11-25 04:45 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-17 13:36 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-17 13:35 - 2017-03-18 23:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-17 13:34 - 2017-06-16 15:42 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-17 13:34 - 2017-05-28 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-17 13:34 - 2017-05-15 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTGui
2017-08-17 13:34 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-17 13:34 - 2017-02-09 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series User Registration
2017-08-17 13:34 - 2017-02-09 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Manual
2017-08-17 13:34 - 2017-02-09 16:59 - 000000000 ____D C:\WINDOWS\system32\STRING
2017-08-17 13:34 - 2016-12-12 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-08-17 13:34 - 2016-08-24 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2017-08-17 13:34 - 2016-08-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2
2017-08-17 13:34 - 2016-08-22 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.5
2017-08-17 13:34 - 2016-07-31 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
2017-08-17 13:34 - 2016-07-17 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2017-08-17 13:34 - 2016-07-17 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-17 13:34 - 2016-03-30 15:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-17 13:34 - 2016-03-30 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-17 13:33 - 2017-02-09 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-17 13:33 - 2017-02-09 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-08-17 13:33 - 2016-11-20 04:30 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-08-17 13:33 - 2016-11-20 04:30 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-08-17 13:33 - 2016-10-20 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2017-08-17 13:33 - 2016-03-30 13:53 - 000000000 ____D C:\Program Files\Intel
2017-08-17 13:32 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-17 13:32 - 2017-03-18 13:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-17 13:21 - 2017-07-11 08:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-17 11:52 - 2016-03-30 13:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-08 21:53 - 2016-03-30 15:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 07:43 - 2017-03-19 19:32 - 000000000 ____D C:\WINDOWS\pss
2017-08-07 22:30 - 2016-04-23 15:12 - 000000000 ____D C:\Program Files (x86)\Belarc
2017-08-07 08:50 - 2016-03-30 13:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-06 19:55 - 2017-04-10 21:11 - 000000000 ____D C:\Users\GG\AppData\Local\CrashDumps
2017-08-06 13:58 - 2016-04-20 15:17 - 000000000 ____D C:\ProgramData\d281325b
2017-08-04 13:33 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Roaming\Adobe
2017-08-04 13:13 - 2016-05-16 14:02 - 000000000 ____D C:\Users\GG\Documents\Adobe
2017-08-04 13:13 - 2016-03-30 13:43 - 000000000 ____D C:\ProgramData\Adobe
2017-08-04 13:11 - 2016-07-17 13:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-04 13:09 - 2016-03-30 15:51 - 000000000 ____D C:\Program Files\Adobe
2017-08-04 13:08 - 2016-03-30 13:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-04 13:07 - 2016-03-30 13:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-31 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 17:15 - 2017-03-18 23:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-30 09:27 - 2017-07-09 22:14 - 000000000 ____D C:\ProgramData\37934827-6357-1
2017-07-30 09:27 - 2017-07-09 22:14 - 000000000 ____D C:\ProgramData\37934827-2327-0
2017-07-30 09:27 - 2017-06-06 18:32 - 000000000 ____D C:\ProgramData\{5dcc461f-112c-1}
2017-07-30 09:27 - 2017-06-06 18:32 - 000000000 ____D C:\ProgramData\{4add5ae6-012c-0}

==================== Files in the root of some directories =======

2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ () C:\Users\GG\AppData\Local\installer.dat
2017-08-04 16:55 - 2017-08-04 17:19 - 001847296 _____ () C:\Users\GG\AppData\Local\po.db
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-17 13:31

==================== End of FRST.txt ============================
         
--- --- ---


20.08.2017, 22:41   #6
achkomm
 
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by GG (20-08-2017 20:44:24)
Running from C:\Users\GG\Desktop
Windows 10 Home Version 1703 (X64) (2017-08-17 11:38:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2853533079-476395649-1961076433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2853533079-476395649-1961076433-503 - Limited - Disabled)
GG (S-1-5-21-2853533079-476395649-1961076433-1001 - Administrator - Enabled) => C:\Users\GG
Guest (S-1-5-21-2853533079-476395649-1961076433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2853533079-476395649-1961076433-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Affinity Photo (HKLM\...\{79AC0024-AED9-464B-9655-26316A44E6A6}) (Version: 1.5.2.69 - Serif (Europe) Ltd)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
EaseUS Partition Master 11.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
LibreOffice 5.1 Help Pack (German) (HKLM-x32\...\{AA038A6D-9F0A-4793-90B7-39E5F4D4CE94}) (Version: 5.1.1.3 - The Document Foundation)
LibreOffice 5.1.1.3 (HKLM\...\{407B69E0-F7D7-45E2-AC19-96134B0294A2}) (Version: 5.1.1.3 - The Document Foundation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
PTGui Pro Trial 10.0.16 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F84598392DFD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0325B509-3FAB-45EA-9383-4086B25A673F} - System32\Tasks\AdobeAAMUpdater-1.0-GG-PCTWO-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0CB248E5-05A1-48D5-8728-AD2008EB31FC} - System32\Tasks\sPMnlSwMYj => C:\Program Files (x86)\Hi9pmMqf2p\updengine.exe <==== ATTENTION
Task: {0F0EB497-BDCC-4115-8179-ADE1B2262017} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-KG096UT-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {105523A4-C7D8-468D-8368-CA71DDC59922} - System32\Tasks\wGKWRwkYfr => C:\Program Files (x86)\HspAH1uXPV\updengine.exe [2017-08-04] () <==== ATTENTION
Task: {1F34D566-508C-4CE7-9300-07D90B80A545} - System32\Tasks\{0F0D1874-2E79-5C9A-2648-933740382A64} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d281325b\d600163a.dll" <==== ATTENTION
Task: {28E47642-F435-4B62-937D-988FDD2BB2EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {42584CB9-FB6A-4650-8C6F-700BF4AF88D6} - System32\Tasks\mhCP0LG665 => C:\Program Files (x86)\rtP8yE38Gn\updengine.exe <==== ATTENTION
Task: {5D772E1E-5085-47A0-8BD4-9332FD622FC3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6214DAD8-7A4F-43B6-B0D4-52855D04F0B4} - System32\Tasks\{3944D9F1-8EEF-6E5A-15D9-143B3B89FDBB} => C:\ProgramData\{939F8DB5-2434-3A1E-3365-243100ED3F8C}\485C66CD-FFF7-D166-EA5F-68A1DEC0841C.exe <==== ATTENTION
Task: {6D767EC6-CE7F-4C95-BA31-43AF8EA40557} - System32\Tasks\P4HIy6gTTM => C:\Program Files (x86)\JHbkeurapg\updengine.exe [2017-08-07] () <==== ATTENTION
Task: {6EC57399-FF8F-42F9-909E-7D8ACB7A2EBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {83DB7348-F746-4A13-95A8-B203DD10C4D6} - System32\Tasks\{6FF8E6AA-D853-5101-AD2C-64208150D3CD} => C:\ProgramData\{301511B8-87BE-A613-F4FE-43A46CD7F821}\A005E98E-17AE-5E25-A879-2566F3D8FFCB.exe <==== ATTENTION
Task: {84717932-B793-44CB-8E75-05E6F0D09471} - System32\Tasks\83547c80c21b7f10a947b7d5d370d5d8 => sc start 83547c80c21b7f10a947b7d5d370d5d8 <==== ATTENTION
Task: {8A2FE4AC-4C39-47B1-A2DB-7223587CA090} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {B774F6C4-886B-459A-A400-1998C245CA2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {C99998D9-5347-4FC7-8CD3-EBD72B3D2221} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F68BFFA6-3E5D-438A-83B0-94A2EEE56C93} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Aktualisiere Anti-Beacon-Immunisierung => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {FBD29F96-88B6-4E49-B0F5-F0B18DC9CC3A} - System32\Tasks\ApplicationCompatibilitySupport => C:\Program Files (x86)\nodejs\node.exe [2017-05-02] (Node.js)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-17 13:32 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-31 11:47 - 2017-07-26 21:27 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2016-08-24 16:12 - 2012-01-20 14:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2017-03-18 22:59 - 2017-03-19 04:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-22 17:37 - 2016-06-03 12:15 - 000278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-08-17 13:32 - 2017-08-20 20:33 - 000028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-08-17 13:32 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-08-07 21:58 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-22 17:37 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-08-08 22:25 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "ZWVZGOYXKY.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E4058B2C-90A4-4FBB-8040-71347FFA5158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D47C938-6E02-4CA3-B609-369156CDF5B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5540ABAF-5ACB-4A71-ABCD-E191617BC01A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD407703-6F04-4427-B621-D7E4C9C39216}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BA8D9AD2-81DF-498F-B292-8B1E921D9012}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{85697F52-4741-4FE8-BA2B-5B8A7DA59F16}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [UDP Query User{877CE723-625E-4EE1-9320-1E8E41F66EF1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{FD0C7F03-4A48-4C14-9E17-591463B4145E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{4D38C258-E43B-43FD-B64F-07D78E03789D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7CC31B56-B0B5-43EF-8C17-57A2117062E2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled
06-03-2017 15:23:51 Windows Update
20-08-2017 19:34:10 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/20/2017 07:35:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (08/20/2017 08:33:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/20/2017 08:33:27 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/20/2017 07:25:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/20/2017 07:25:04 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/19/2017 02:40:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/19/2017 02:40:58 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/19/2017 02:26:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/19/2017 02:26:01 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/19/2017 02:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/19/2017 02:19:43 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 14%
Total physical RAM: 16319.17 MB
Available physical RAM: 13920.32 MB
Total Virtual: 19263.17 MB
Available Virtual: 16612.59 MB

==================== Drives ================================

Drive c: (Win_10) (Fixed) (Total:95.55 GB) (Free:26.46 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:482.2 GB) NTFS
Drive h: (Working) (Fixed) (Total:620.12 GB) (Free:301.33 GB) NTFS
Drive i: (Photo) (Fixed) (Total:621.4 GB) (Free:217.8 GB) NTFS
Drive j: (Personal) (Fixed) (Total:621.5 GB) (Free:288.61 GB) NTFS
Drive s: (Win_8.1) (Fixed) (Total:125.96 GB) (Free:52.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C47C77E2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 26DEC96F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 360532BB)
Partition 1: (Not Active) - (Size=620.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=621.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=621.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
Code:
20:46:16.0223 0x2430  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
20:46:20.0128 0x2430  ============================================================
20:46:20.0128 0x2430  Current date / time: 2017/08/20 20:46:20.0128
20:46:20.0128 0x2430  SystemInfo:
20:46:20.0128 0x2430  
20:46:20.0128 0x2430  OS Version: 10.0.15063 ServicePack: 0.0
20:46:20.0128 0x2430  Product type: Workstation
20:46:20.0128 0x2430  ComputerName: GG-PCTWO
20:46:20.0129 0x2430  UserName: GG
20:46:20.0129 0x2430  Windows directory: C:\WINDOWS
20:46:20.0129 0x2430  System windows directory: C:\WINDOWS
20:46:20.0129 0x2430  Running under WOW64
20:46:20.0129 0x2430  Processor architecture: Intel x64
20:46:20.0129 0x2430  Number of processors: 8
20:46:20.0129 0x2430  Page size: 0x1000
20:46:20.0129 0x2430  Boot type: Normal boot
20:46:20.0129 0x2430  CodeIntegrityOptions = 0x00000001
20:46:20.0129 0x2430  ============================================================
20:46:20.0185 0x2430  KLMD registered as C:\WINDOWS\system32\drivers\93883862.sys
20:46:20.0185 0x2430  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
20:46:20.0239 0x2430  System UUID: {AAB56DAE-2DFA-AAEA-757D-A31CAE98BA08}
20:46:20.0402 0x2430  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:20.0403 0x2430  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:20.0403 0x2430  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:20.0409 0x2430  ============================================================
20:46:20.0409 0x2430  \Device\Harddisk0\DR0:
20:46:20.0410 0x2430  MBR partitions:
20:46:20.0410 0x2430  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
20:46:20.0410 0x2430  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xFBEA800
20:46:20.0410 0x2430  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFC9A000, BlocksNum 0xBF19000
20:46:20.0410 0x2430  \Device\Harddisk1\DR1:
20:46:20.0589 0x2430  MBR partitions:
20:46:20.0589 0x2430  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:46:20.0589 0x2430  \Device\Harddisk2\DR2:
20:46:20.0591 0x2430  MBR partitions:
20:46:20.0591 0x2430  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4D83C000
20:46:20.0591 0x2430  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x4D83C800, BlocksNum 0x4DACC800
20:46:20.0591 0x2430  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x9B309000, BlocksNum 0x4DAFE800
20:46:20.0591 0x2430  ============================================================
20:46:20.0592 0x2430  C: <-> \Device\Harddisk0\DR0\Partition3
20:46:20.0595 0x2430  D: <-> \Device\Harddisk1\DR1\Partition1
20:46:21.0110 0x2430  H: <-> \Device\Harddisk2\DR2\Partition1
20:46:21.0111 0x2430  I: <-> \Device\Harddisk2\DR2\Partition2
20:46:21.0140 0x2430  J: <-> \Device\Harddisk2\DR2\Partition3
20:46:21.0140 0x2430  S: <-> \Device\Harddisk0\DR0\Partition2
20:46:21.0141 0x2430  ============================================================
20:46:21.0141 0x2430  Initialize success
20:46:21.0141 0x2430  ============================================================
20:46:24.0858 0x2320  ============================================================
20:46:24.0858 0x2320  Scan started
20:46:24.0858 0x2320  Mode: Manual; 
20:46:24.0858 0x2320  ============================================================
20:46:24.0858 0x2320  KSN ping started
20:46:25.0027 0x2320  KSN ping finished: true
20:46:25.0479 0x2320  ================ Scan system memory ========================
20:46:25.0479 0x2320  System memory - ok
20:46:25.0480 0x2320  ================ Scan services =============================
20:46:25.0510 0x2320  1394ohci - ok
20:46:25.0512 0x2320  3ware - ok
20:46:25.0514 0x2320  ACPI - ok
20:46:25.0517 0x2320  AcpiDev - ok
20:46:25.0519 0x2320  acpiex - ok
20:46:25.0521 0x2320  acpipagr - ok
20:46:25.0524 0x2320  AcpiPmi - ok
20:46:25.0526 0x2320  acpitime - ok
20:46:25.0531 0x2320  [ 9B112FDA1D5FB7B75627461001AC692A, 2EDF7C8FD59CD5FCD19FA528F60CBD6DDB9A8076AE0280B11D8EA8EAF7D39958 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:25.0532 0x2320  AdobeARMservice - ok
20:46:25.0549 0x2320  [ AD0541B0ACCC3FAC2F9C8867F462DAC9, 9CE2BBE73AEAAA02B4E131E56F732DB93FA51BEC7F65FB46DFEF08A35C4AD583 ] AdobeUpdateService C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
20:46:25.0557 0x2320  AdobeUpdateService - ok
20:46:25.0562 0x2320  ADP80XX - ok
20:46:25.0564 0x2320  AFD - ok
20:46:25.0595 0x2320  [ 078B785A7533B7059A236017B3B060A4, 43B3E716009136A5A5A86BF8546DE6C416CA3B7F8EEC242D9D44EF12111B7A6E ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
20:46:25.0617 0x2320  AGSService - ok
20:46:25.0621 0x2320  ahcache - ok
20:46:25.0623 0x2320  AJRouter - ok
20:46:25.0624 0x2320  ALG - ok
20:46:25.0626 0x2320  AmdK8 - ok
20:46:25.0628 0x2320  AmdPPM - ok
20:46:25.0630 0x2320  amdsata - ok
20:46:25.0633 0x2320  amdsbs - ok
20:46:25.0635 0x2320  amdxata - ok
20:46:25.0637 0x2320  AppID - ok
20:46:25.0641 0x2320  AppIDSvc - ok
20:46:25.0643 0x2320  Appinfo - ok
20:46:25.0645 0x2320  applockerfltr - ok
20:46:25.0647 0x2320  AppReadiness - ok
20:46:25.0651 0x2320  AppXSvc - ok
20:46:25.0653 0x2320  arcsas - ok
20:46:25.0667 0x2320  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
20:46:25.0677 0x2320  asComSvc - ok
20:46:25.0694 0x2320  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\WINDOWS\syswow64\drivers\AsIO.sys
20:46:25.0695 0x2320  AsIO - ok
20:46:25.0697 0x2320  AsyncMac - ok
20:46:25.0699 0x2320  atapi - ok
20:46:25.0701 0x2320  AudioEndpointBuilder - ok
20:46:25.0703 0x2320  Audiosrv - ok
20:46:25.0706 0x2320  AxInstSV - ok
20:46:25.0708 0x2320  b06bdrv - ok
20:46:25.0711 0x2320  BasicDisplay - ok
20:46:25.0713 0x2320  BasicRender - ok
20:46:25.0717 0x2320  bcmfn2 - ok
20:46:25.0719 0x2320  BDESVC - ok
20:46:25.0722 0x2320  Beep - ok
20:46:25.0723 0x2320  BFE - ok
20:46:25.0725 0x2320  BITS - ok
20:46:25.0727 0x2320  bowser - ok
20:46:25.0729 0x2320  BrokerInfrastructure - ok
20:46:25.0731 0x2320  Browser - ok
20:46:25.0734 0x2320  BthAvrcpTg - ok
20:46:25.0737 0x2320  BthHFEnum - ok
20:46:25.0740 0x2320  bthhfhid - ok
20:46:25.0742 0x2320  BthHFSrv - ok
20:46:25.0744 0x2320  BTHMODEM - ok
20:46:25.0747 0x2320  bthserv - ok
20:46:25.0750 0x2320  buttonconverter - ok
20:46:25.0751 0x2320  CAD - ok
20:46:25.0754 0x2320  CapImg - ok
20:46:25.0757 0x2320  cdfs - ok
20:46:25.0760 0x2320  CDPSvc - ok
20:46:25.0762 0x2320  CDPUserSvc - ok
20:46:25.0765 0x2320  cdrom - ok
20:46:25.0767 0x2320  CertPropSvc - ok
20:46:25.0769 0x2320  cht4iscsi - ok
20:46:25.0772 0x2320  cht4vbd - ok
20:46:25.0774 0x2320  circlass - ok
20:46:25.0776 0x2320  CldFlt - ok
20:46:25.0778 0x2320  CLFS - ok
20:46:25.0780 0x2320  ClipSVC - ok
20:46:25.0782 0x2320  clreg - ok
20:46:25.0788 0x2320  CmBatt - ok
20:46:25.0791 0x2320  CNG - ok
20:46:25.0793 0x2320  cnghwassist - ok
20:46:25.0807 0x2320  CompositeBus - ok
20:46:25.0809 0x2320  COMSysApp - ok
20:46:25.0811 0x2320  condrv - ok
20:46:25.0814 0x2320  CoreMessagingRegistrar - ok
20:46:25.0818 0x2320  CryptSvc - ok
20:46:25.0820 0x2320  dam - ok
20:46:25.0824 0x2320  DcomLaunch - ok
20:46:25.0826 0x2320  defragsvc - ok
20:46:25.0828 0x2320  DeviceAssociationService - ok
20:46:25.0830 0x2320  DeviceInstall - ok
20:46:25.0832 0x2320  DevicesFlowUserSvc - ok
20:46:25.0835 0x2320  DevQueryBroker - ok
20:46:25.0838 0x2320  Dfsc - ok
20:46:25.0842 0x2320  Dhcp - ok
20:46:25.0844 0x2320  diagnosticshub.standardcollector.service - ok
20:46:25.0847 0x2320  DiagTrack - ok
20:46:25.0851 0x2320  Disk - ok
20:46:25.0853 0x2320  DmEnrollmentSvc - ok
20:46:25.0856 0x2320  dmvsc - ok
20:46:25.0858 0x2320  dmwappushservice - ok
20:46:25.0860 0x2320  Dnscache - ok
20:46:25.0863 0x2320  dot3svc - ok
20:46:25.0866 0x2320  DPS - ok
20:46:25.0868 0x2320  drmkaud - ok
20:46:25.0870 0x2320  DsmSvc - ok
20:46:25.0873 0x2320  DsSvc - ok
20:46:25.0876 0x2320  DusmSvc - ok
20:46:25.0878 0x2320  DXGKrnl - ok
20:46:25.0880 0x2320  EapHost - ok
20:46:25.0885 0x2320  [ 97E0A6C61554927D0EF3E081FF510353, EF9BD788584D18C9D0F1488DBFEC105819D59BFFD638F4A57A0F32A3A4A02662 ] EaseUS Agent    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
20:46:25.0886 0x2320  EaseUS Agent - ok
20:46:25.0890 0x2320  ebdrv - ok
20:46:25.0892 0x2320  EFS - ok
20:46:25.0894 0x2320  EhStorClass - ok
20:46:25.0896 0x2320  EhStorTcgDrv - ok
20:46:25.0899 0x2320  embeddedmode - ok
20:46:25.0901 0x2320  EntAppSvc - ok
20:46:25.0904 0x2320  [ 80660B53362BB1B504FB4E9CE214332A, 4C36714A19309D9D94517C89909B1DB40FD5D3D2FC28A34D019630F95BAC3E95 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
20:46:25.0907 0x2320  epmntdrv - ok
20:46:25.0909 0x2320  ErrDev - ok
20:46:25.0913 0x2320  [ 83EF0C33B56360761AE2DDB86E47B2E8, 7DCB2083286C7CF6F1A7D7388FAFFE306EAA9A995B371B15A24F6FD9A876CCC0 ] EUBAKUP         C:\WINDOWS\system32\drivers\eubakup.sys
20:46:25.0914 0x2320  EUBAKUP - ok
20:46:25.0917 0x2320  [ CCF2072C27B5F84447A0829014C43760, D87E9F4344D7EEA47D4B7E377FF93048EED05BD2F8998548EA74C3DF4FE7F0A6 ] EUBKMON         C:\WINDOWS\system32\drivers\EUBKMON.sys
20:46:25.0918 0x2320  EUBKMON - ok
20:46:25.0921 0x2320  [ 44A0838432C8A31A5D6CBE0BF348CED6, 353766D9781CC65B5BD9AC0E52EC245BBD7135145966C1DA573912027C7C8D7E ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
20:46:25.0922 0x2320  EUDSKACS - ok
20:46:25.0927 0x2320  [ D05585505CB20235E7C665158464551D, 403FA750D159F0BC79CEDFA74037BFF88E02F32796A681BD94B2523C14B4ADA2 ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
20:46:25.0929 0x2320  EUFDDISK - ok
20:46:25.0932 0x2320  [ 08C997734B2CECE882656BB2855E6E76, B3C1DEF26C9C9123D34395717220B450C705B5FA9FC8E321ADC444A4D63E6F36 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
20:46:25.0933 0x2320  EuGdiDrv - ok
20:46:25.0937 0x2320  EventSystem - ok
20:46:25.0940 0x2320  exfat - ok
20:46:25.0942 0x2320  fastfat - ok
20:46:25.0944 0x2320  Fax - ok
20:46:25.0946 0x2320  fdc - ok
20:46:25.0948 0x2320  fdPHost - ok
20:46:25.0950 0x2320  FDResPub - ok
20:46:25.0952 0x2320  fhsvc - ok
20:46:25.0956 0x2320  FileCrypt - ok
20:46:25.0958 0x2320  FileInfo - ok
20:46:25.0961 0x2320  Filetrace - ok
20:46:25.0962 0x2320  flpydisk - ok
20:46:25.0964 0x2320  FltMgr - ok
20:46:25.0966 0x2320  FontCache - ok
20:46:25.0969 0x2320  FontCache3.0.0.0 - ok
20:46:25.0972 0x2320  FrameServer - ok
20:46:25.0975 0x2320  FsDepends - ok
20:46:25.0977 0x2320  Fs_Rec - ok
20:46:25.0979 0x2320  fvevol - ok
20:46:25.0982 0x2320  gencounter - ok
20:46:25.0984 0x2320  genericusbfn - ok
20:46:25.0986 0x2320  GPIOClx0101 - ok
20:46:25.0989 0x2320  gpsvc - ok
20:46:25.0991 0x2320  GpuEnergyDrv - ok
20:46:25.0995 0x2320  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:46:25.0997 0x2320  gupdate - ok
20:46:26.0001 0x2320  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:46:26.0003 0x2320  gupdatem - ok
20:46:26.0006 0x2320  HDAudBus - ok
20:46:26.0008 0x2320  HidBatt - ok
20:46:26.0010 0x2320  HidBth - ok
20:46:26.0012 0x2320  hidi2c - ok
20:46:26.0014 0x2320  hidinterrupt - ok
20:46:26.0016 0x2320  HidIr - ok
20:46:26.0018 0x2320  hidserv - ok
20:46:26.0020 0x2320  HidUsb - ok
20:46:26.0023 0x2320  HomeGroupListener - ok
20:46:26.0025 0x2320  HomeGroupProvider - ok
20:46:26.0026 0x2320  HpSAMD - ok
20:46:26.0028 0x2320  HTTP - ok
20:46:26.0030 0x2320  HvHost - ok
20:46:26.0034 0x2320  hvservice - ok
20:46:26.0035 0x2320  hwpolicy - ok
20:46:26.0038 0x2320  hyperkbd - ok
20:46:26.0041 0x2320  i8042prt - ok
20:46:26.0043 0x2320  iagpio - ok
20:46:26.0044 0x2320  iai2c - ok
20:46:26.0046 0x2320  iaLPSS2i_GPIO2 - ok
20:46:26.0049 0x2320  iaLPSS2i_GPIO2_BXT_P - ok
20:46:26.0051 0x2320  iaLPSS2i_I2C - ok
20:46:26.0053 0x2320  iaLPSS2i_I2C_BXT_P - ok
20:46:26.0056 0x2320  iaLPSSi_GPIO - ok
20:46:26.0058 0x2320  iaLPSSi_I2C - ok
20:46:26.0060 0x2320  iaStorAV - ok
20:46:26.0062 0x2320  iaStorV - ok
20:46:26.0064 0x2320  ibbus - ok
20:46:26.0067 0x2320  icssvc - ok
20:46:26.0069 0x2320  IKEEXT - ok
20:46:26.0073 0x2320  IndirectKmd - ok
20:46:26.0136 0x2320  [ 9FCA186B88991BFD1BBBBC53059DC615, 91A1A13F0D3B64CD1961B558C3C4E6108719CB59ABFB21EBA2C5091C34E01C82 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:46:26.0185 0x2320  IntcAzAudAddService - ok
20:46:26.0191 0x2320  intelide - ok
20:46:26.0193 0x2320  intelpep - ok
20:46:26.0195 0x2320  intelppm - ok
20:46:26.0196 0x2320  iorate - ok
20:46:26.0199 0x2320  IpFilterDriver - ok
20:46:26.0201 0x2320  iphlpsvc - ok
20:46:26.0203 0x2320  IPMIDRV - ok
20:46:26.0206 0x2320  IPNAT - ok
20:46:26.0209 0x2320  IpxlatCfgSvc - ok
20:46:26.0211 0x2320  irda - ok
20:46:26.0213 0x2320  IRENUM - ok
20:46:26.0215 0x2320  irmon - ok
20:46:26.0216 0x2320  isapnp - ok
20:46:26.0218 0x2320  iScsiPrt - ok
20:46:26.0221 0x2320  kbdclass - ok
20:46:26.0224 0x2320  kbdhid - ok
20:46:26.0226 0x2320  kdnic - ok
20:46:26.0228 0x2320  KeyIso - ok
20:46:26.0230 0x2320  KSecDD - ok
20:46:26.0232 0x2320  KSecPkg - ok
20:46:26.0235 0x2320  ksthunk - ok
20:46:26.0238 0x2320  KtmRm - ok
20:46:26.0242 0x2320  [ 84656423A40192239EC65F9EDAC868B2, A78D7C7C3EAE42313E3E8469660F1098700D03680EB5BC2BEFE967518CD8B528 ] Lace514         C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys
20:46:26.0243 0x2320  Lace514 - ok
20:46:26.0245 0x2320  LanmanServer - ok
20:46:26.0247 0x2320  LanmanWorkstation - ok
20:46:26.0250 0x2320  lfsvc - ok
20:46:26.0252 0x2320  LicenseManager - ok
20:46:26.0255 0x2320  lltdio - ok
20:46:26.0258 0x2320  lltdsvc - ok
20:46:26.0260 0x2320  lmhosts - ok
20:46:26.0263 0x2320  LSI_SAS - ok
20:46:26.0265 0x2320  LSI_SAS2i - ok
20:46:26.0267 0x2320  LSI_SAS3i - ok
20:46:26.0269 0x2320  LSI_SSS - ok
20:46:26.0273 0x2320  LSM - ok
20:46:26.0275 0x2320  luafv - ok
20:46:26.0277 0x2320  MapsBroker - ok
20:46:26.0279 0x2320  mausbhost - ok
20:46:26.0281 0x2320  mausbip - ok
20:46:26.0338 0x2320  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
20:46:26.0378 0x2320  MBAMService - ok
20:46:26.0387 0x2320  [ ABB371D9AEF728B0489B0E6872B4A1C0, E9539A4F85FE30F5BAED742778CA74C879995728668ABE6877C37633716D8770 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:46:26.0390 0x2320  MBAMSwissArmy - ok
20:46:26.0394 0x2320  [ 205C2D377E1CA85A4465491DB8064DA9, 0C69C6C958D8E26A6C6CCF2254E8B531BE718AD7FCFEB970F6F09426CA6C8C26 ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys
20:46:26.0395 0x2320  MBAMWebProtection - ok
20:46:26.0398 0x2320  megasas - ok
20:46:26.0400 0x2320  megasas2i - ok
20:46:26.0402 0x2320  megasr - ok
20:46:26.0407 0x2320  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
20:46:26.0409 0x2320  MEIx64 - ok
20:46:26.0412 0x2320  MessagingService - ok
20:46:26.0415 0x2320  mlx4_bus - ok
20:46:26.0417 0x2320  MMCSS - ok
20:46:26.0419 0x2320  Modem - ok
20:46:26.0422 0x2320  monitor - ok
20:46:26.0425 0x2320  mouclass - ok
20:46:26.0427 0x2320  mouhid - ok
20:46:26.0429 0x2320  mountmgr - ok
20:46:26.0433 0x2320  [ 86C9215967686BB8A6AEE8008D914BF8, 907A156AADC880F06EB7BBBC0C57EC14A205CEE43A2AD509F6BD4040CA4F327D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:26.0435 0x2320  MozillaMaintenance - ok
20:46:26.0438 0x2320  mpsdrv - ok
20:46:26.0440 0x2320  MpsSvc - ok
20:46:26.0442 0x2320  MRxDAV - ok
20:46:26.0444 0x2320  mrxsmb - ok
20:46:26.0446 0x2320  mrxsmb10 - ok
20:46:26.0449 0x2320  mrxsmb20 - ok
20:46:26.0451 0x2320  MsBridge - ok
20:46:26.0454 0x2320  MSDTC - ok
20:46:26.0459 0x2320  Msfs - ok
20:46:26.0461 0x2320  msgpiowin32 - ok
20:46:26.0463 0x2320  mshidkmdf - ok
20:46:26.0465 0x2320  mshidumdf - ok
20:46:26.0467 0x2320  msisadrv - ok
20:46:26.0469 0x2320  MSiSCSI - ok
20:46:26.0471 0x2320  msiserver - ok
20:46:26.0474 0x2320  MSKSSRV - ok
20:46:26.0476 0x2320  MsLldp - ok
20:46:26.0478 0x2320  MSPCLOCK - ok
20:46:26.0480 0x2320  MSPQM - ok
20:46:26.0482 0x2320  MsRPC - ok
20:46:26.0485 0x2320  mssmbios - ok
20:46:26.0489 0x2320  MSTEE - ok
20:46:26.0491 0x2320  MTConfig - ok
20:46:26.0493 0x2320  Mup - ok
20:46:26.0495 0x2320  mvumis - ok
20:46:26.0498 0x2320  NativeWifiP - ok
20:46:26.0500 0x2320  NaturalAuthentication - ok
20:46:26.0502 0x2320  NcaSvc - ok
20:46:26.0505 0x2320  NcbService - ok
20:46:26.0507 0x2320  NcdAutoSetup - ok
20:46:26.0509 0x2320  ndfltr - ok
20:46:26.0511 0x2320  NDIS - ok
20:46:26.0513 0x2320  NdisCap - ok
20:46:26.0515 0x2320  NdisImPlatform - ok
20:46:26.0517 0x2320  NdisTapi - ok
20:46:26.0519 0x2320  Ndisuio - ok
20:46:26.0522 0x2320  NdisVirtualBus - ok
20:46:26.0525 0x2320  NdisWan - ok
20:46:26.0527 0x2320  ndiswanlegacy - ok
20:46:26.0529 0x2320  ndproxy - ok
20:46:26.0531 0x2320  Ndu - ok
20:46:26.0534 0x2320  NetAdapterCx - ok
20:46:26.0536 0x2320  NetBIOS - ok
20:46:26.0540 0x2320  NetBT - ok
20:46:26.0541 0x2320  Netlogon - ok
20:46:26.0543 0x2320  Netman - ok
20:46:26.0546 0x2320  netprofm - ok
20:46:26.0548 0x2320  NetSetupSvc - ok
20:46:26.0553 0x2320  NetTcpPortSharing - ok
20:46:26.0556 0x2320  netvsc - ok
20:46:26.0559 0x2320  NgcCtnrSvc - ok
20:46:26.0561 0x2320  NgcSvc - ok
20:46:26.0563 0x2320  NlaSvc - ok
20:46:26.0565 0x2320  Npfs - ok
20:46:26.0567 0x2320  npsvctrig - ok
20:46:26.0569 0x2320  nsi - ok
20:46:26.0572 0x2320  nsiproxy - ok
20:46:26.0575 0x2320  NTFS - ok
20:46:26.0577 0x2320  Null - ok
20:46:26.0579 0x2320  nvdimmn - ok
20:46:26.0585 0x2320  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
20:46:26.0588 0x2320  NVHDA - ok
20:46:26.0785 0x2320  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
20:46:26.0919 0x2320  nvlddmkm - ok
20:46:26.0931 0x2320  nvraid - ok
20:46:26.0933 0x2320  nvstor - ok
20:46:26.0935 0x2320  OneSyncSvc - ok
20:46:26.0938 0x2320  p2pimsvc - ok
20:46:26.0940 0x2320  p2psvc - ok
20:46:26.0942 0x2320  Parport - ok
20:46:26.0944 0x2320  partmgr - ok
20:46:26.0946 0x2320  PcaSvc - ok
20:46:26.0948 0x2320  pci - ok
20:46:26.0951 0x2320  pciide - ok
20:46:26.0953 0x2320  pcmcia - ok
20:46:26.0956 0x2320  pcw - ok
20:46:26.0958 0x2320  pdc - ok
20:46:26.0960 0x2320  PEAUTH - ok
20:46:26.0962 0x2320  percsas2i - ok
20:46:26.0964 0x2320  percsas3i - ok
20:46:26.0983 0x2320  PerfHost - ok
20:46:26.0989 0x2320  PhoneSvc - ok
20:46:26.0991 0x2320  PimIndexMaintenanceSvc - ok
20:46:26.0994 0x2320  pla - ok
20:46:26.0996 0x2320  PlugPlay - ok
20:46:26.0998 0x2320  pmem - ok
20:46:27.0000 0x2320  PNRPAutoReg - ok
20:46:27.0003 0x2320  PNRPsvc - ok
20:46:27.0006 0x2320  PolicyAgent - ok
20:46:27.0009 0x2320  Power - ok
20:46:27.0011 0x2320  PptpMiniport - ok
20:46:27.0054 0x2320  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:46:27.0084 0x2320  PrintNotify - ok
20:46:27.0088 0x2320  Processor - ok
20:46:27.0090 0x2320  ProfSvc - ok
20:46:27.0092 0x2320  Psched - ok
20:46:27.0094 0x2320  QWAVE - ok
20:46:27.0096 0x2320  QWAVEdrv - ok
20:46:27.0099 0x2320  RasAcd - ok
20:46:27.0101 0x2320  RasAgileVpn - ok
20:46:27.0103 0x2320  RasAuto - ok
20:46:27.0106 0x2320  Rasl2tp - ok
20:46:27.0108 0x2320  RasMan - ok
20:46:27.0110 0x2320  RasPppoe - ok
20:46:27.0112 0x2320  RasSstp - ok
20:46:27.0115 0x2320  rdbss - ok
20:46:27.0118 0x2320  rdpbus - ok
20:46:27.0121 0x2320  RDPDR - ok
20:46:27.0126 0x2320  RdpVideoMiniport - ok
20:46:27.0127 0x2320  rdyboost - ok
20:46:27.0129 0x2320  ReFS - ok
20:46:27.0132 0x2320  ReFSv1 - ok
20:46:27.0134 0x2320  RemoteAccess - ok
20:46:27.0136 0x2320  RemoteRegistry - ok
20:46:27.0140 0x2320  RetailDemo - ok
20:46:27.0142 0x2320  RmSvc - ok
20:46:27.0144 0x2320  RpcEptMapper - ok
20:46:27.0146 0x2320  RpcLocator - ok
20:46:27.0147 0x2320  RpcSs - ok
20:46:27.0149 0x2320  rspndr - ok
20:46:27.0151 0x2320  rt640x64 - ok
20:46:27.0154 0x2320  s3cap - ok
20:46:27.0157 0x2320  SamSs - ok
20:46:27.0159 0x2320  sbp2port - ok
20:46:27.0161 0x2320  SCardSvr - ok
20:46:27.0163 0x2320  ScDeviceEnum - ok
20:46:27.0166 0x2320  scfilter - ok
20:46:27.0168 0x2320  Schedule - ok
20:46:27.0171 0x2320  scmbus - ok
20:46:27.0173 0x2320  SCPolicySvc - ok
20:46:27.0178 0x2320  [ 958E956E119EB7B9ABA142AFED1B5FF4, DB76B53124C91C959AF6F6E3FA8BEE4B74C1D7CB4684CD88380270CFF3C4469F ] ScsiAccess      C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
20:46:27.0182 0x2320  ScsiAccess - ok
20:46:27.0184 0x2320  sdbus - ok
20:46:27.0186 0x2320  SDFRd - ok
20:46:27.0189 0x2320  SDRSVC - ok
20:46:27.0213 0x2320  [ B4337BA6754438CD2699D8A17DD8A359, 48A2F020D8DE2CC97CB7C69FCCFD36EDE66D291A9EFCEF83521EF5BE6AEA4BCE ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:46:27.0232 0x2320  SDScannerService - ok
20:46:27.0236 0x2320  sdstor - ok
20:46:27.0264 0x2320  [ 30696A220D11270F4FC65C2D74CEE4D1, DDA8AFFFB20702C7FDAFA01B2EF8931AD098D97710421B880F2169CD4BCF62D3 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:46:27.0284 0x2320  SDUpdateService - ok
20:46:27.0290 0x2320  [ FDEF8DC6871B96BBBD39A648994F60D1, 86CDB6D102CD67E3BC378D7F00C27B6A8C171E60D576D77DDA9F4B67C45D906D ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:46:27.0293 0x2320  SDWSCService - ok
20:46:27.0295 0x2320  seclogon - ok
20:46:27.0297 0x2320  SecurityHealthService - ok
20:46:27.0300 0x2320  SEMgrSvc - ok
20:46:27.0302 0x2320  SENS - ok
20:46:27.0305 0x2320  SensorDataService - ok
20:46:27.0307 0x2320  SensorService - ok
20:46:27.0309 0x2320  SensrSvc - ok
20:46:27.0310 0x2320  SerCx - ok
20:46:27.0312 0x2320  SerCx2 - ok
20:46:27.0315 0x2320  Serenum - ok
20:46:27.0317 0x2320  Serial - ok
20:46:27.0319 0x2320  sermouse - ok
20:46:27.0326 0x2320  SessionEnv - ok
20:46:27.0328 0x2320  sfloppy - ok
20:46:27.0331 0x2320  SharedAccess - ok
20:46:27.0333 0x2320  ShellHWDetection - ok
20:46:27.0335 0x2320  shpamsvc - ok
20:46:27.0338 0x2320  SiSRaid2 - ok
20:46:27.0340 0x2320  SiSRaid4 - ok
20:46:27.0342 0x2320  smphost - ok
20:46:27.0344 0x2320  SmsRouter - ok
20:46:27.0347 0x2320  SNMPTRAP - ok
20:46:27.0351 0x2320  spaceport - ok
20:46:27.0353 0x2320  SpatialGraphFilter - ok
20:46:27.0355 0x2320  SpbCx - ok
20:46:27.0358 0x2320  spectrum - ok
20:46:27.0359 0x2320  Spooler - ok
20:46:27.0362 0x2320  sppsvc - ok
20:46:27.0364 0x2320  srv - ok
20:46:27.0366 0x2320  srv2 - ok
20:46:27.0368 0x2320  srvnet - ok
20:46:27.0370 0x2320  SSDPSRV - ok
20:46:27.0373 0x2320  SstpSvc - ok
20:46:27.0377 0x2320  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:46:27.0379 0x2320  ssudmdm - ok
20:46:27.0382 0x2320  StateRepository - ok
20:46:27.0384 0x2320  stexstor - ok
20:46:27.0387 0x2320  stisvc - ok
20:46:27.0389 0x2320  storahci - ok
20:46:27.0391 0x2320  storflt - ok
20:46:27.0393 0x2320  stornvme - ok
20:46:27.0395 0x2320  storqosflt - ok
20:46:27.0398 0x2320  StorSvc - ok
20:46:27.0400 0x2320  storufs - ok
20:46:27.0402 0x2320  storvsc - ok
20:46:27.0404 0x2320  svsvc - ok
20:46:27.0407 0x2320  swenum - ok
20:46:27.0416 0x2320  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:46:27.0421 0x2320  SwitchBoard - ok
20:46:27.0424 0x2320  swprv - ok
20:46:27.0426 0x2320  Synth3dVsc - ok
20:46:27.0428 0x2320  SysMain - ok
20:46:27.0431 0x2320  SystemEventsBroker - ok
20:46:27.0433 0x2320  TabletInputService - ok
20:46:27.0435 0x2320  TapiSrv - ok
20:46:27.0437 0x2320  Tcpip - ok
20:46:27.0440 0x2320  Tcpip6 - ok
20:46:27.0443 0x2320  tcpipreg - ok
20:46:27.0446 0x2320  tdx - ok
20:46:27.0588 0x2320  [ 9C0B950F93833EC22A5D971AB77F263D, 5A0529791D1432DB33424D846C0A26B62899BAE7A2823EB3CB6EB0CDEF340557 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
20:46:27.0688 0x2320  TeamViewer - ok
20:46:27.0697 0x2320  terminpt - ok
20:46:27.0700 0x2320  TermService - ok
20:46:27.0702 0x2320  Themes - ok
20:46:27.0704 0x2320  TieringEngineService - ok
20:46:27.0706 0x2320  tiledatamodelsvc - ok
20:46:27.0708 0x2320  TimeBrokerSvc - ok
20:46:27.0711 0x2320  TokenBroker - ok
20:46:27.0713 0x2320  TPM - ok
20:46:27.0716 0x2320  TrkWks - ok
20:46:27.0732 0x2320  [ 767F4524AEA2EDE58DC21F653EEAA02F, FBDC68DC00087D4CBE64856794F8EBCA1B24C91D0FA9F1E2EF543DF57363FF32 ] TrueKey         C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
20:46:27.0742 0x2320  TrueKey - ok
20:46:27.0745 0x2320  [ 263C411EC7DDD052B23A0F191F0E1E9A, C9B12ACB89442ABAC3AAE7E9EA5D5CF92B394B554B61ABB8181474075097B457 ] TrueKeyScheduler C:\Program Files\TrueKey\McTkSchedulerService.exe
20:46:27.0745 0x2320  TrueKeyScheduler - ok
20:46:27.0748 0x2320  [ 7E64AE41715FF49D37149C32A2FB068C, B8794F356194452237F69EC7B6F7A5C5615B14D7F14CE5F43FB2DA64E5AA34D6 ] TrueKeyServiceHelper C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
20:46:27.0749 0x2320  TrueKeyServiceHelper - ok
20:46:27.0751 0x2320  TrustedInstaller - ok
20:46:27.0754 0x2320  TsUsbFlt - ok
20:46:27.0757 0x2320  TsUsbGD - ok
20:46:27.0760 0x2320  tzautoupdate - ok
20:46:27.0761 0x2320  UASPStor - ok
20:46:27.0763 0x2320  UcmCx0101 - ok
20:46:27.0765 0x2320  UcmTcpciCx0101 - ok
20:46:27.0767 0x2320  UcmUcsi - ok
20:46:27.0769 0x2320  Ucx01000 - ok
20:46:27.0772 0x2320  UdeCx - ok
20:46:27.0774 0x2320  udfs - ok
20:46:27.0776 0x2320  UEFI - ok
20:46:27.0778 0x2320  Ufx01000 - ok
20:46:27.0780 0x2320  UfxChipidea - ok
20:46:27.0783 0x2320  ufxsynopsys - ok
20:46:27.0787 0x2320  UI0Detect - ok
20:46:27.0789 0x2320  umbus - ok
20:46:27.0792 0x2320  UmPass - ok
20:46:27.0794 0x2320  UmRdpService - ok
20:46:27.0796 0x2320  UnistoreSvc - ok
20:46:27.0798 0x2320  upnphost - ok
20:46:27.0801 0x2320  UrsChipidea - ok
20:46:27.0803 0x2320  UrsCx01000 - ok
20:46:27.0806 0x2320  UrsSynopsys - ok
20:46:27.0808 0x2320  usbccgp - ok
20:46:27.0810 0x2320  usbcir - ok
20:46:27.0812 0x2320  usbehci - ok
20:46:27.0814 0x2320  usbhub - ok
20:46:27.0817 0x2320  USBHUB3 - ok
20:46:27.0820 0x2320  usbohci - ok
20:46:27.0823 0x2320  usbprint - ok
20:46:27.0825 0x2320  usbser - ok
20:46:27.0827 0x2320  USBSTOR - ok
20:46:27.0828 0x2320  usbuhci - ok
20:46:27.0832 0x2320  USBXHCI - ok
20:46:27.0834 0x2320  UserDataSvc - ok
20:46:27.0837 0x2320  UserManager - ok
20:46:27.0839 0x2320  UsoSvc - ok
20:46:27.0842 0x2320  VaultSvc - ok
20:46:27.0844 0x2320  vdrvroot - ok
20:46:27.0846 0x2320  vds - ok
20:46:27.0847 0x2320  VerifierExt - ok
20:46:27.0850 0x2320  vhdmp - ok
20:46:27.0852 0x2320  vhf - ok
20:46:27.0854 0x2320  vmbus - ok
20:46:27.0857 0x2320  VMBusHID - ok
20:46:27.0858 0x2320  vmgid - ok
20:46:27.0861 0x2320  vmicguestinterface - ok
20:46:27.0863 0x2320  vmicheartbeat - ok
20:46:27.0864 0x2320  vmickvpexchange - ok
20:46:27.0867 0x2320  vmicrdv - ok
20:46:27.0868 0x2320  vmicshutdown - ok
20:46:27.0871 0x2320  vmictimesync - ok
20:46:27.0874 0x2320  vmicvmsession - ok
20:46:27.0876 0x2320  vmicvss - ok
20:46:27.0877 0x2320  volmgr - ok
20:46:27.0879 0x2320  volmgrx - ok
20:46:27.0881 0x2320  volsnap - ok
20:46:27.0883 0x2320  volume - ok
20:46:27.0885 0x2320  vpci - ok
20:46:27.0888 0x2320  vsmraid - ok
20:46:27.0891 0x2320  VSS - ok
20:46:27.0892 0x2320  VSTXRAID - ok
20:46:27.0894 0x2320  vwifibus - ok
20:46:27.0896 0x2320  vwififlt - ok
20:46:27.0899 0x2320  W32Time - ok
20:46:27.0900 0x2320  WacomPen - ok
20:46:27.0902 0x2320  WalletService - ok
20:46:27.0905 0x2320  wanarp - ok
20:46:27.0908 0x2320  wanarpv6 - ok
20:46:27.0910 0x2320  wbengine - ok
20:46:27.0911 0x2320  WbioSrvc - ok
20:46:27.0913 0x2320  wcifs - ok
20:46:27.0916 0x2320  Wcmsvc - ok
20:46:27.0918 0x2320  wcncsvc - ok
20:46:27.0920 0x2320  wcnfs - ok
20:46:27.0923 0x2320  WdBoot - ok
20:46:27.0925 0x2320  Wdf01000 - ok
20:46:27.0927 0x2320  WdFilter - ok
20:46:27.0929 0x2320  WdiServiceHost - ok
20:46:27.0930 0x2320  WdiSystemHost - ok
20:46:27.0933 0x2320  wdiwifi - ok
20:46:27.0935 0x2320  WdNisDrv - ok
20:46:27.0936 0x2320  WdNisSvc - ok
20:46:27.0940 0x2320  WebClient - ok
20:46:27.0942 0x2320  Wecsvc - ok
20:46:27.0944 0x2320  WEPHOSTSVC - ok
20:46:27.0946 0x2320  wercplsupport - ok
20:46:27.0948 0x2320  WerSvc - ok
20:46:27.0950 0x2320  WFDSConMgrSvc - ok
20:46:27.0952 0x2320  WFPLWFS - ok
20:46:27.0954 0x2320  WiaRpc - ok
20:46:27.0957 0x2320  WIMMount - ok
20:46:27.0958 0x2320  WinDefend - ok
20:46:27.0962 0x2320  WindowsTrustedRT - ok
20:46:27.0965 0x2320  WindowsTrustedRTProxy - ok
20:46:27.0967 0x2320  WinHttpAutoProxySvc - ok
20:46:27.0968 0x2320  WinMad - ok
20:46:27.0974 0x2320  Winmgmt - ok
20:46:27.0976 0x2320  WinNat - ok
20:46:27.0978 0x2320  WinRM - ok
20:46:27.0981 0x2320  WINUSB - ok
20:46:27.0983 0x2320  WinVerbs - ok
20:46:27.0985 0x2320  wisvc - ok
20:46:27.0988 0x2320  WlanSvc - ok
20:46:27.0990 0x2320  wlidsvc - ok
20:46:27.0992 0x2320  wlpasvc - ok
20:46:27.0994 0x2320  WmiAcpi - ok
20:46:27.0997 0x2320  wmiApSrv - ok
20:46:27.0998 0x2320  WMPNetworkSvc - ok
20:46:28.0003 0x2320  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:46:28.0007 0x2320  Wof - ok
20:46:28.0010 0x2320  workfolderssvc - ok
20:46:28.0012 0x2320  WPDBusEnum - ok
20:46:28.0014 0x2320  WpdUpFltr - ok
20:46:28.0016 0x2320  WpnService - ok
20:46:28.0018 0x2320  WpnUserService - ok
20:46:28.0021 0x2320  ws2ifsl - ok
20:46:28.0024 0x2320  wscsvc - ok
20:46:28.0026 0x2320  WSDPrintDevice - ok
20:46:28.0028 0x2320  WSDScan - ok
20:46:28.0030 0x2320  WSearch - ok
20:46:28.0034 0x2320  wuauserv - ok
20:46:28.0036 0x2320  WudfPf - ok
20:46:28.0039 0x2320  WUDFRd - ok
20:46:28.0041 0x2320  wudfsvc - ok
20:46:28.0042 0x2320  WUDFWpdFs - ok
20:46:28.0044 0x2320  WUDFWpdMtp - ok
20:46:28.0046 0x2320  WwanSvc - ok
20:46:28.0048 0x2320  xbgm - ok
20:46:28.0050 0x2320  XblAuthManager - ok
20:46:28.0052 0x2320  XblGameSave - ok
20:46:28.0055 0x2320  xboxgip - ok
20:46:28.0058 0x2320  XboxGipSvc - ok
20:46:28.0060 0x2320  XboxNetApiSvc - ok
20:46:28.0062 0x2320  xinputhid - ok
20:46:28.0063 0x2320  ================ Scan global ===============================
20:46:28.0071 0x2320  [ Global ] - ok
20:46:28.0071 0x2320  ================ Scan MBR ==================================
20:46:28.0073 0x2320  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:46:28.0103 0x2320  \Device\Harddisk0\DR0 - ok
20:46:28.0105 0x2320  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:46:28.0108 0x2320  \Device\Harddisk1\DR1 - ok
20:46:28.0137 0x2320  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:46:28.0172 0x2320  \Device\Harddisk2\DR2 - ok
20:46:28.0174 0x2320  ================ Scan VBR ==================================
20:46:28.0175 0x2320  [ EDE387DD3D608B441EE94B7006D648D4 ] \Device\Harddisk0\DR0\Partition1
20:46:28.0176 0x2320  \Device\Harddisk0\DR0\Partition1 - ok
20:46:28.0177 0x2320  [ B097C6640B658D3AC9C71A0C43DC3595 ] \Device\Harddisk0\DR0\Partition2
20:46:28.0178 0x2320  \Device\Harddisk0\DR0\Partition2 - ok
20:46:28.0180 0x2320  [ 23D7F39E1AD711A692D49AB31A638567 ] \Device\Harddisk0\DR0\Partition3
20:46:28.0182 0x2320  \Device\Harddisk0\DR0\Partition3 - ok
20:46:28.0183 0x2320  [ 35AC459E7E44DC9E994ABA6E4F9C4F63 ] \Device\Harddisk1\DR1\Partition1
20:46:28.0184 0x2320  \Device\Harddisk1\DR1\Partition1 - ok
20:46:28.0185 0x2320  [ 4B75A3C12C051BAA9A37D0C16D91B45B ] \Device\Harddisk2\DR2\Partition1
20:46:28.0186 0x2320  \Device\Harddisk2\DR2\Partition1 - ok
20:46:28.0188 0x2320  [ D99FE8A58815367FB5B080F777C3C878 ] \Device\Harddisk2\DR2\Partition2
20:46:28.0188 0x2320  \Device\Harddisk2\DR2\Partition2 - ok
20:46:28.0190 0x2320  [ EFE4787BB5E0F97251D2045EA4DA5211 ] \Device\Harddisk2\DR2\Partition3
20:46:28.0191 0x2320  \Device\Harddisk2\DR2\Partition3 - ok
20:46:28.0191 0x2320  ================ Scan generic autorun ======================
20:46:28.0191 0x2320  SecurityHealth - ok
20:46:28.0193 0x2320  Logitech Download Assistant - ok
20:46:28.0299 0x2320  [ DF5963027136784BA0DC035F68973F4F, 4069FA7ED921782AF03B9930CDE03AD47C8CCDA649310274CCA6F8E0FD874EE6 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:46:28.0398 0x2320  RTHDVCPL - ok
20:46:28.0427 0x2320  [ 9A88F3C9B1773A676420F0F7922DD847, 01411F25DB7B981AAC8705EFD47A56CE43D84D178D629E45FC3974FAE7235997 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
20:46:28.0448 0x2320  NvBackend - ok
20:46:28.0457 0x2320  [ 48515EEA1608ECD83FE26C7490460F59, C7C552D13ED12B4165FDE45F69E170D4F18B746D84B3B08E7254AAF8D9671D0C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:46:28.0463 0x2320  AdobeAAMUpdater-1.0 - ok
20:46:28.0464 0x2320  WindowsDefender - ok
20:46:28.0473 0x2320  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:46:28.0477 0x2320  SwitchBoard - ok
20:46:28.0494 0x2320  [ 3EE19173AC7BB16AD239B195D97C13B0, A9E5FC90F20DC7500A186C9D184ED55BC04038FFC6D97714E64C660EAE808A98 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
20:46:28.0508 0x2320  AdobeCS6ServiceManager - ok
20:46:28.0540 0x2320  [ 6D086636BD154888DCE0E6A565A23F0C, 00EDDC95C79417B7E7F94452606E8E6C5B4600400414B64474BBF6C34F18AB92 ] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe
20:46:28.0565 0x2320  EaseUS EPM tray - ok
20:46:28.0585 0x2320  [ 95EAABA9DCF127B0D15D25365747FE57, 436EB4053CDEAA222FFB97DCE889E74D6BB7D0AB0C19ED603DF45CA265A6C2C0 ] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe
20:46:28.0601 0x2320  EaseUS Cleanup - ok
20:46:28.0608 0x2320  [ ED94AFD1E9AE25C8413CB32034160F0B, A6B9406573736923403E6A200F77B40CAAF11A21621F517AAB306F421397F053 ] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe
20:46:28.0611 0x2320  EaseUS EPM Tray Agent - ok
20:46:28.0615 0x2320  [ CD0362AEE36CFE1EF5DF973230742E67, 9F1D8AD4E09D16C39CD6A35CB298456468C1808226FFA8AD65BF9562A6ECC07D ] C:\Program Files (x86)\PDF24\pdf24.exe
20:46:28.0617 0x2320  PDFPrint - ok
20:46:28.0635 0x2320  [ 6001F7750D4CAA170862D38FEE8BC46F, 14E8886EBDE90D7E37B97E6200F55DEEFE252BB25FC8DB039842B56BFCD524F1 ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
20:46:28.0650 0x2320  CanonQuickMenu - ok
20:46:28.0659 0x2320  [ 247FD3171B3E08CFCC8ACB540818CA15, 7F1195A40187C04CEE532B258421A3422AACA16BE54FD55F12966DC00FDBDCC4 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
20:46:28.0666 0x2320  IJNetworkScannerSelectorEX - ok
20:46:28.0697 0x2320  [ 18236595E10FDB9A19117C3A1DB7F284, BCFD229FACBAB56C2475B36DC6462F5A88FB607B786C932A7973B68AE301248F ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
20:46:28.0723 0x2320  Adobe Creative Cloud - ok
20:46:28.0777 0x2320  [ 0EB54CE79A43ECFF46B6DAF7743E56F1, 9F06EFCC5B364463716616F28C52731A92BE4E0DD4D6202D6DAAAED2367FD850 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:46:28.0816 0x2320  SDTray - ok
20:46:28.0833 0x2320  OneDriveSetup - ok
20:46:28.0834 0x2320  OneDriveSetup - ok
20:46:28.0856 0x2320  [ 90029F7160037122DA12101C0C8850F7, DE4BFD8E60AC0222EACCA8BAC94562ED2B38CBEF569F8B927CCD197735655AC0 ] C:\Users\GG\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:46:28.0875 0x2320  OneDrive - ok
20:46:28.0876 0x2320  Waiting for KSN requests completion. In queue: 21
20:46:29.0894 0x2320  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x60100 ( disabled : updated )
20:46:29.0902 0x2320  Win FW state via NFP2: enabled ( trusted )
20:46:30.0126 0x2320  ============================================================
20:46:30.0126 0x2320  Scan finished
20:46:30.0126 0x2320  ============================================================
20:46:30.0139 0x2628  Detected object count: 0
20:46:30.0139 0x2628  Actual detected object count: 0
20:46:46.0300 0x2760  Deinitialize success
         

21.08.2017, 09:51   #7
M-K-D-B
/// TB trainer

Hi,

you didn't tell me why you are using the beta of AdwCleaner... The beta also does not receive database updates. That is why I want you to use v7.010 in step 1.

Carry out step 1 in Safe Mode and all other steps in normal mode.

Step 1
Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Image File Execution Options keys
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • TCP/IP settings
    • IPSec
    • BITS settings
    • Firewall
    • IE policies
    • Chrome policies
    • Hosts file
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • At the end of the cleanup, click Restart now. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
  • Uninstall Malwarebytes' Anti-Malware 3 via the Control Panel. (Illustrated guide)
  • Then restart the computer.
  • Download the MBAM uninstaller to your desktop.
  • Close all open programs and run the uninstaller. The computer must be restarted at the end.

Step 3
Please download Malwarebytes Anti-Malware 3 (illustrated guide).
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM after the restart and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.

Step 4
  • Start FRST.exe again. Make sure the box in front of Addition.txt is checked and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.

23.08.2017, 23:17   #8
achkomm

Evening,
Regarding AdwCleaner: for some reason the first download of the program went to the beta link. The correct version should have been used this time.

By the way, reinstalling Chrome meant that the plugin was no longer there and downloads were therefore no longer redirected.

The new logs are attached. I don't know whether the order, ADW and Malware, was right.

Code:
# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 22 10:46:39 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic, C:\ProgramData\d281325b
PUP.Adware.Heuristic, C:\ProgramData\{03254CDD-B48E-FB76-BCBE-983B57881408}
PUP.Adware.Heuristic, C:\ProgramData\{038D90E7-B426-274C-9DD8-B0FE1AEFBA02}
PUP.Adware.Heuristic, C:\ProgramData\{04A27D92-B309-CA39-0291-16C66CD6CCBB}
PUP.Adware.Heuristic, C:\ProgramData\{0F92A2B0-B839-151B-8963-114C656356E9}
PUP.Adware.Heuristic, C:\ProgramData\{10A4BF5F-A70F-08F4-9E1D-13C56E716339}
PUP.Adware.Heuristic, C:\ProgramData\{139857B6-A433-E01D-292E-ED908BC0A468}
PUP.Adware.Heuristic, C:\ProgramData\{1CEB59B3-AB40-EE18-D219-9D947D9DFE75}
PUP.Adware.Heuristic, C:\ProgramData\{2DABC9CE-9A00-7E65-E345-0620CBF3709D}
PUP.Adware.Heuristic, C:\ProgramData\{301511B8-87BE-A613-F4FE-43A46CD7F821}
PUP.Adware.Heuristic, C:\ProgramData\{4A101A64-FDBB-ADCF-94E2-8CE4238E8FF9}
PUP.Adware.Heuristic, C:\ProgramData\{5430E66D-E39B-51C6-6D8B-94EBCFF83765}
PUP.Adware.Heuristic, C:\ProgramData\{562A4916-E181-FEBD-759C-4383F48201F1}
PUP.Adware.Heuristic, C:\ProgramData\{6389B75A-D422-00F1-9192-7C2D7D356DEC}
PUP.Adware.Heuristic, C:\ProgramData\{65D2487C-D279-FFD7-F04B-A990C395CBF8}
PUP.Adware.Heuristic, C:\ProgramData\{6EC6BA8C-D96D-0D27-2223-517803CBB291}
PUP.Adware.Heuristic, C:\ProgramData\{939F8DB5-2434-3A1E-3365-243100ED3F8C}
PUP.Adware.Heuristic, C:\ProgramData\{ADD901B0-1A72-B61B-74D5-FE1618B2B1DA}
PUP.Adware.Heuristic, C:\ProgramData\{B641ACAB-01EA-1B00-D00F-FDF55C922838}
PUP.Adware.Heuristic, C:\ProgramData\{BE5D19B9-09F6-AE12-0215-84977734792D}
PUP.Adware.Heuristic, C:\ProgramData\{CA884821-7D23-FF8A-5110-C1B2E99F3FE0}
PUP.Adware.Heuristic, C:\ProgramData\{D68EECF3-6125-5B58-BA27-4E13EED52B2F}
PUP.Adware.Heuristic, C:\ProgramData\{DD75FD75-6ADE-4ADE-71DB-C542C1466F9C}
PUP.Adware.Heuristic, C:\ProgramData\{E295D09D-553E-6736-A728-C37E75848398}
PUP.Adware.Heuristic, C:\ProgramData\{E44CE868-53E7-5FC3-E486-569E78F0D670}
PUP.Adware.Heuristic, C:\ProgramData\{E9FB7957-5E50-CEFC-433E-88626EFFA611}
PUP.Adware.Heuristic, C:\ProgramData\{F9AD0AE7-4E06-BD4C-0C20-0BBB8F13D4FD}
PUP.Adware.Heuristic, C:\ProgramData\{FA42DC74-4DE9-6BDF-3A94-8CF422A681BF}


***** [ Files ] *****

PUP.Optional.Legacy, C:\END


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC}
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [10302 B] - [2017/8/7 18:11:2]
C:/AdwCleaner/AdwCleaner[C1].txt - [2448 B] - [2017/8/7 18:29:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [2207 B] - [2017/8/8 20:25:57]
C:/AdwCleaner/AdwCleaner[C3].txt - [2228 B] - [2017/8/10 19:15:4]
C:/AdwCleaner/AdwCleaner[S0].txt - [12098 B] - [2017/8/7 18:6:15]
C:/AdwCleaner/AdwCleaner[S1].txt - [2495 B] - [2017/8/7 18:26:36]
C:/AdwCleaner/AdwCleaner[S2].txt - [1963 B] - [2017/8/8 20:24:7]
C:/AdwCleaner/AdwCleaner[S3].txt - [2067 B] - [2017/8/10 19:12:17]
C:/AdwCleaner/AdwCleaner[S4].txt - [2092 B] - [2017/8/10 19:16:56]
C:/AdwCleaner/AdwCleaner[S5].txt - [4026 B] - [2017/8/22 10:20:35]
C:/AdwCleaner/AdwCleaner[S6].txt - [4094 B] - [2017/8/22 10:38:2]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########
         
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 22.08.17
Scan-Zeit: 13:17
Protokolldatei: xSC170822.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2636
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.540)
CPU: x64
Dateisystem: NTFS
Benutzer: GG-PCTWO\GG

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 362577
Erkannte Bedrohungen: 0
(keine bösartigen Elemente erkannt)
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 0 Min., 37 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by GG (administrator) on GG-PCTWO (23-08-2017 20:41:41)
Running from C:\Users\GG\Desktop
Loaded Profiles: GG (Available Profiles: GG)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe [2090176 2016-07-19] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe [1246400 2016-07-19] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{05a6708a-8348-11e7-af2e-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{de0a5288-79c2-42ab-bd46-2a77f46fc0eb}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131465145127659668&GUID=3CCE55A8-B89D-4438-8D89-106DA1A9D67C
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\GG\AppData\Roaming\Mozilla\Firefox\Profiles\ksqtqnkk.default-1502026602991 [2017-08-22]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-26] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=H84zltpbl1AU,c7168d88-ee53-4862-8d5a-de78ebd8dd81,&vp=ch&prd=set_ch
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Profile: C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Tampermonkey) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-08-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2017-07-26] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [23032 2016-07-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [19960 2016-07-14] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-23] (Malwarebytes)
R1 MpKsl32561ec4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73F7821D-AD42-498B-A4D6-F1E498BDF1E7}\MpKsl32561ec4.sys [44928 2017-08-23] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 20:40 - 2017-08-23 20:40 - 000000000 ____D C:\Users\GG\Desktop\New folder
2017-08-22 13:54 - 2017-08-22 13:54 - 000076456 _____ C:\Users\GG\Desktop\FRST170822.txt
2017-08-22 13:16 - 2017-08-23 19:53 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-22 13:16 - 2017-08-22 13:16 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-22 13:16 - 2017-08-22 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-22 13:16 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-22 13:15 - 2017-08-22 13:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-22 13:15 - 2017-08-22 13:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-22 13:08 - 2017-08-22 13:08 - 065033984 _____ (Malwarebytes ) C:\Users\GG\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-08-22 13:05 - 2017-08-22 13:05 - 000566128 _____ (Malwarebytes) C:\Users\GG\Downloads\mbam-clean-2.3.0.1001 (1).exe
2017-08-22 12:19 - 2017-08-22 12:19 - 000001192 _____ C:\Users\GG\Desktop\SCmal170822.txt
2017-08-21 23:31 - 2017-08-21 23:31 - 008185288 _____ (Malwarebytes) C:\Users\GG\Desktop\adwcleaner_7.0.1.0.exe
2017-08-21 23:30 - 2017-08-22 12:50 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-21 23:11 - 2017-08-21 23:11 - 065033984 _____ (Malwarebytes ) C:\Users\GG\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-21 23:04 - 2017-08-21 23:04 - 000566128 _____ (Malwarebytes) C:\Users\GG\Downloads\mbam-clean-2.3.0.1001.exe
2017-08-21 23:02 - 2017-08-21 23:02 - 000000000 ____D C:\Users\GG\AppData\Local\DBG
2017-08-21 22:18 - 2017-08-21 22:18 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affinity Designer Trial.lnk
2017-08-21 10:29 - 2017-08-21 10:31 - 007649280 _____ C:\Program Files (x86)\GUT78C6.tmp
2017-08-21 10:29 - 2017-08-21 10:29 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-21 10:29 - 2017-08-21 10:29 - 000000000 ____D C:\Program Files (x86)\GUM78C5.tmp
2017-08-20 23:26 - 2017-08-20 23:26 - 000012417 _____ C:\Users\GG\Desktop\Scan Results.170820-2326.txt
2017-08-20 20:47 - 2017-08-20 20:46 - 000076488 _____ C:\Users\GG\Desktop\TDSSKiller.3.1.0.15_20.08.2017_20.46.16_log.txt
2017-08-20 20:46 - 2017-08-20 20:46 - 000076488 _____ C:\TDSSKiller.3.1.0.15_20.08.2017_20.46.16_log.txt
2017-08-20 20:44 - 2017-08-23 20:41 - 000016189 _____ C:\Users\GG\Desktop\FRST.txt
2017-08-20 20:44 - 2017-08-22 13:23 - 000044245 _____ C:\Users\GG\Desktop\Addition.txt
2017-08-20 20:40 - 2017-08-20 20:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\GG\Desktop\tdsskiller.exe
2017-08-20 20:39 - 2017-08-20 20:40 - 002395648 _____ (Farbar) C:\Users\GG\Desktop\FRST64.exe
2017-08-19 18:22 - 2017-08-19 18:22 - 257338777 _____ C:\Users\GG\Documents\170521_253-2Aa.afphoto
2017-08-19 14:13 - 2017-08-19 14:13 - 000195644 _____ C:\WINDOWS\ntbtlog.txt
2017-08-17 23:30 - 2017-08-17 23:30 - 000000000 ____D C:\Windows.old
2017-08-17 23:29 - 2017-08-17 23:29 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-17 23:29 - 2017-08-17 23:29 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-17 23:29 - 2017-08-17 23:29 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-17 23:29 - 2017-08-17 23:29 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-17 23:29 - 2017-08-17 23:29 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-17 23:29 - 2017-08-17 23:29 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-17 23:27 - 2017-08-17 23:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-17 23:27 - 2017-08-17 13:31 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-17 23:27 - 2017-03-18 08:00 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2017-08-17 23:27 - 2017-03-18 07:58 - 011602432 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2017-08-17 23:27 - 2017-03-18 07:47 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2017-08-17 23:27 - 2017-03-18 07:44 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2017-08-17 23:27 - 2017-03-18 07:34 - 001993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files\MSBuild
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-17 23:26 - 2017-08-17 23:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-17 23:26 - 2017-02-10 21:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-17 23:26 - 2017-02-10 21:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-08-17 23:26 - 2017-02-10 21:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-17 17:33 - 2017-08-17 17:33 - 000417090 _____ C:\Users\GG\Downloads\Affinity Photo Manual.pdf.html
2017-08-17 17:33 - 2017-08-17 17:33 - 000000000 ____D C:\Users\GG\Downloads\Affinity Photo Manual.pdf_files
2017-08-17 16:41 - 2017-08-17 16:41 - 262839649 _____ C:\Users\GG\Documents\170521_253-2A.afphoto
2017-08-17 13:41 - 2017-08-23 20:00 - 001146014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-17 13:39 - 2017-08-17 13:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-17 13:38 - 2017-08-17 13:38 - 000000020 ___SH C:\Users\GG\ntuser.ini
2017-08-17 13:38 - 2017-08-17 13:38 - 000000000 ____D C:\ProgramData\USOShared
2017-08-17 13:36 - 2017-08-23 19:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 13:36 - 2017-08-17 13:39 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2853533079-476395649-1961076433-1001
2017-08-17 13:36 - 2017-08-17 13:37 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-08-17 13:36 - 2017-08-17 13:37 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-08-17 13:36 - 2017-08-17 13:36 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-17 13:36 - 2017-08-17 13:36 - 000003604 _____ C:\WINDOWS\System32\Tasks\ApplicationCompatibilitySupport
2017-08-17 13:36 - 2017-08-17 13:36 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-17 13:36 - 2017-08-17 13:36 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-17 13:36 - 2017-08-17 13:36 - 000002766 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-KG096UT-GG
2017-08-17 13:36 - 2017-08-17 13:36 - 000002752 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-GG-PCTWO-GG
2017-08-17 13:36 - 2017-08-17 13:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-17 13:34 - 2017-08-17 13:34 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-17 13:34 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-17 13:33 - 2017-08-17 13:34 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-17 13:32 - 2017-08-23 19:53 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-17 13:32 - 2017-08-17 17:37 - 000000000 ____D C:\Users\GG
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files\Realtek
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files\ASUS
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-08-17 13:32 - 2017-05-01 22:52 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 13:32 - 2017-05-01 22:51 - 006437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 002479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-17 13:32 - 2017-05-01 22:51 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-17 13:32 - 2017-04-25 23:11 - 007944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-17 13:32 - 2013-07-04 03:32 - 000028672 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\AsIO.dll
2017-08-17 13:32 - 2013-07-04 03:32 - 000015232 _____ C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
2017-08-17 13:31 - 2017-08-23 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 13:31 - 2017-08-17 15:10 - 004920248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-10 21:03 - 2017-08-23 20:41 - 000000000 ____D C:\FRST
2017-08-10 21:03 - 2017-08-10 21:29 - 000120096 _____ C:\Users\GG\Downloads\FRST.txt
2017-08-10 21:03 - 2017-08-10 21:29 - 000052448 _____ C:\Users\GG\Downloads\Addition.txt
2017-08-10 21:00 - 2017-08-10 21:01 - 002381824 _____ (Farbar) C:\Users\GG\Downloads\FRST64.exe
2017-08-10 20:44 - 2017-08-10 20:44 - 000000000 ____D C:\Users\GG\Documents\ProcAlyzer Dumps
2017-08-10 19:59 - 2017-08-17 13:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-09 10:39 - 2017-08-09 10:39 - 000000000 ____D C:\Users\GG\AppData\Local\UNP
2017-08-08 21:53 - 2017-08-08 21:53 - 046661328 _____ (Microsoft Corporation) C:\Users\GG\Downloads\Windows-KB890830-x64-V5.51.exe
2017-08-07 21:58 - 2017-08-17 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-08-07 21:58 - 2017-08-07 21:58 - 000001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-08-07 21:58 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-08-07 21:51 - 2017-08-07 21:51 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-07 21:50 - 2017-08-07 21:50 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\GG\Downloads\spybotsd-2.6.46.exe
2017-08-07 20:58 - 2017-08-07 20:35 - 000003641 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170807-205841.backup
2017-08-07 20:36 - 2017-08-07 20:36 - 000000000 ____D C:\Users\GG\AppData\Local\TeamViewer
2017-08-07 20:26 - 2017-08-10 20:34 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-07 20:26 - 2017-08-07 21:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-07 20:04 - 2017-08-07 20:04 - 008187336 _____ (Malwarebytes) C:\Users\GG\Downloads\adwcleaner_7.0.2.0.exe
2017-08-07 20:03 - 2017-08-22 13:58 - 000000000 ____D C:\AdwCleaner
2017-08-07 19:46 - 2017-08-21 11:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-07 19:46 - 2017-08-17 12:12 - 000001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-08-07 19:46 - 2017-08-07 19:46 - 000000000 ____D C:\Users\GG\AppData\Roaming\TeamViewer
2017-08-07 17:46 - 2017-08-07 17:46 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignec8edacaaf7afdad
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign8891875038f8a32f
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b11681c4a60edb0
2017-08-07 17:45 - 2017-08-07 17:45 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign69fd61021851fce5
2017-08-07 08:50 - 2017-08-23 20:34 - 000000000 ____D C:\Users\GG\AppData\LocalLow\Mozilla
2017-08-07 08:50 - 2017-08-07 08:50 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-07 08:50 - 2017-08-07 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-06 15:36 - 2017-08-06 15:36 - 000000000 ____D C:\Users\GG\Desktop\Alte Firefox-Daten
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignffc8106fe45c14ec
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigneac3af40a099be1d
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign43c860051ba10bea
2017-08-06 14:10 - 2017-08-06 14:10 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0d1143b922f1ec0d
2017-08-05 18:38 - 2017-08-22 12:48 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-05 18:14 - 2017-08-05 18:14 - 802142785 _____ C:\WINDOWS\MEMORY.DMP
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsigne56e146512804e25
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6b298700b0c3bc0a
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign555c3783d6236ee0
2017-08-04 19:18 - 2017-08-04 19:18 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign2eb65cc641d79d4e
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\Users\GG\AppData\Roaming\Nico Mak Computing
2017-08-04 19:03 - 2017-08-07 20:10 - 000000000 ____D C:\ProgramData\Nico Mak Computing
2017-08-04 17:19 - 2017-08-21 23:30 - 000000000 ____D C:\Program Files (x86)\HspAH1uXPV
2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ C:\Users\GG\AppData\Local\installer.dat
2017-08-04 16:54 - 2017-08-04 16:55 - 000000000 ____D C:\Users\GG\AppData\Local\AdService
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Users\GG\AppData\Roaming\npm
2017-08-04 16:54 - 2017-08-04 16:54 - 000000000 ____D C:\Program Files (x86)\nodejs
2017-08-04 13:29 - 2017-08-04 13:29 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign1c8170e6b3c2a7f7
2017-08-04 13:27 - 2017-08-04 13:27 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsignf0538a766c6f9658
2017-08-04 13:13 - 2017-08-04 13:13 - 000001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign6a5926c7ed3bec82
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign25d2bfdc63137eaf
2017-08-04 13:13 - 2017-08-04 13:13 - 000000000 ____D C:\Users\GG\AppData\Local\Tempzxpsign0259c4768961027e
2017-08-04 13:07 - 2017-08-04 13:07 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-08-04 13:00 - 2017-08-04 13:00 - 002273168 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\InDesign_Set-Up.exe
2017-08-04 12:58 - 2017-08-04 12:58 - 002282752 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-08-04 12:56 - 2017-08-04 12:57 - 002206096 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Illustrator_Set-Up.exe
2017-08-04 12:55 - 2017-08-04 13:04 - 002205088 _____ (Adobe Systems Incorporated) C:\Users\GG\Downloads\Photoshop_Set-Up.exe
2017-08-04 12:40 - 2017-08-04 12:40 - 000008578 _____ C:\Users\GG\Documents\Untitled 1.odt
2017-08-03 17:37 - 2017-08-03 17:37 - 000104512 _____ (BYB5Z8) C:\WINDOWS\system32\Drivers\57f5cdbcab39c45db79c29259dee8f89.sys
2017-08-03 17:37 - 2017-08-03 17:37 - 000051623 _____ C:\WINDOWS\uninstaller.dat
2017-07-27 18:21 - 2017-07-27 18:21 - 000000000 ____D C:\Users\GG\AppData\Roaming\Piccure+
2017-07-26 14:06 - 2017-07-26 20:47 - 047537848 _____ (Photodex Corporation) C:\Users\GG\Downloads\psgold_80_3648 (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 20:34 - 2017-06-29 12:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-08-23 20:34 - 2016-03-30 13:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-23 19:54 - 2016-04-24 15:27 - 000000000 ___RD C:\Users\GG\Creative Cloud Files
2017-08-23 19:54 - 2016-03-30 13:42 - 000000000 ____D C:\Users\GG\AppData\Local\Adobe
2017-08-23 18:35 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-23 18:34 - 2016-03-30 17:19 - 000000000 ____D C:\LR_Catalog
2017-08-23 17:08 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-23 17:08 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-21 22:18 - 2017-03-10 17:35 - 000000000 ____D C:\Users\GG\AppData\Roaming\Affinity
2017-08-21 22:17 - 2017-05-22 12:36 - 000000000 ____D C:\Program Files\Affinity
2017-08-21 10:29 - 2016-03-30 13:23 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-21 10:14 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-21 10:14 - 2016-03-30 15:52 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-20 23:41 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-20 19:25 - 2016-11-25 05:08 - 000000000 ____D C:\Users\GG\AppData\Local\ConnectedDevicesPlatform
2017-08-19 23:47 - 2017-05-28 20:50 - 000000000 ____D C:\Users\GG\AppData\Roaming\vlc
2017-08-19 21:03 - 2017-05-28 20:51 - 000000000 ____D C:\Users\GG\AppData\Roaming\dvdcss
2017-08-19 14:53 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-19 14:02 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-17 23:31 - 2017-03-18 23:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-17 23:30 - 2017-03-18 23:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-17 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-17 23:27 - 2017-03-19 04:30 - 000000000 ____D C:\WINDOWS\OCR
2017-08-17 17:10 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-17 14:10 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Local\Packages
2017-08-17 13:39 - 2016-03-30 13:07 - 000002400 _____ C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-17 13:39 - 2016-03-30 13:07 - 000000000 ___RD C:\Users\GG\OneDrive
2017-08-17 13:38 - 2017-03-18 23:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-17 13:38 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-17 13:38 - 2016-02-13 15:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-17 13:37 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-17 13:37 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-17 13:36 - 2017-03-19 04:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-17 13:36 - 2017-03-18 23:03 - 000000000 __RSD C:\WINDOWS\Media
2017-08-17 13:36 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-17 13:36 - 2016-11-25 04:45 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-17 13:36 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-17 13:35 - 2017-03-18 23:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-17 13:34 - 2017-06-16 15:42 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-17 13:34 - 2017-05-28 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-17 13:34 - 2017-05-15 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTGui
2017-08-17 13:34 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-17 13:34 - 2017-02-09 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series User Registration
2017-08-17 13:34 - 2017-02-09 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Manual
2017-08-17 13:34 - 2017-02-09 16:59 - 000000000 ____D C:\WINDOWS\system32\STRING
2017-08-17 13:34 - 2016-12-12 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-08-17 13:34 - 2016-08-24 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2017-08-17 13:34 - 2016-08-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2
2017-08-17 13:34 - 2016-08-22 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.5
2017-08-17 13:34 - 2016-07-31 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
2017-08-17 13:34 - 2016-07-17 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2017-08-17 13:34 - 2016-07-17 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-17 13:34 - 2016-03-30 15:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-17 13:34 - 2016-03-30 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 13:33 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-17 13:33 - 2017-02-09 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-17 13:33 - 2017-02-09 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-08-17 13:33 - 2016-11-20 04:30 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-08-17 13:33 - 2016-11-20 04:30 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-08-17 13:33 - 2016-10-20 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2017-08-17 13:33 - 2016-03-30 13:53 - 000000000 ____D C:\Program Files\Intel
2017-08-17 13:32 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-17 13:32 - 2017-03-18 13:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-17 13:21 - 2017-07-11 08:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-17 11:52 - 2016-03-30 13:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-08 21:53 - 2016-03-30 15:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 07:43 - 2017-03-19 19:32 - 000000000 ____D C:\WINDOWS\pss
2017-08-07 22:30 - 2016-04-23 15:12 - 000000000 ____D C:\Program Files (x86)\Belarc
2017-08-06 19:55 - 2017-04-10 21:11 - 000000000 ____D C:\Users\GG\AppData\Local\CrashDumps
2017-08-04 13:33 - 2016-03-30 13:05 - 000000000 ____D C:\Users\GG\AppData\Roaming\Adobe
2017-08-04 13:13 - 2016-05-16 14:02 - 000000000 ____D C:\Users\GG\Documents\Adobe
2017-08-04 13:13 - 2016-03-30 13:43 - 000000000 ____D C:\ProgramData\Adobe
2017-08-04 13:11 - 2016-07-17 13:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-04 13:09 - 2016-03-30 15:51 - 000000000 ____D C:\Program Files\Adobe
2017-08-04 13:08 - 2016-03-30 13:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-04 13:07 - 2016-03-30 13:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-31 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 17:15 - 2017-03-18 23:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-08-21 10:29 - 2017-08-21 10:31 - 007649280 _____ () C:\Program Files (x86)\GUT78C6.tmp
2017-08-04 16:55 - 2017-08-04 16:55 - 000140800 _____ () C:\Users\GG\AppData\Local\installer.dat
2017-08-17 13:32 - 2017-08-17 13:32 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-17 13:31

==================== End of FRST.txt ============================
         
--- --- ---

23.08.2017, 23:18   #9
achkomm

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by GG (23-08-2017 20:42:08)
Running from C:\Users\GG\Desktop
Windows 10 Home Version 1703 (X64) (2017-08-17 11:38:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2853533079-476395649-1961076433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2853533079-476395649-1961076433-503 - Limited - Disabled)
GG (S-1-5-21-2853533079-476395649-1961076433-1001 - Administrator - Enabled) => C:\Users\GG
Guest (S-1-5-21-2853533079-476395649-1961076433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2853533079-476395649-1961076433-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Affinity Designer Trial (HKLM\...\{02276F97-CE9D-4C7F-A8A3-CD9389B01B70}) (Version: 1.5.3.69 - Serif (Europe) Ltd)
Affinity Photo (HKLM\...\{79AC0024-AED9-464B-9655-26316A44E6A6}) (Version: 1.5.2.69 - Serif (Europe) Ltd)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
EaseUS Partition Master 11.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
LibreOffice 5.1 Help Pack (German) (HKLM-x32\...\{AA038A6D-9F0A-4793-90B7-39E5F4D4CE94}) (Version: 5.1.1.3 - The Document Foundation)
LibreOffice 5.1.1.3 (HKLM\...\{407B69E0-F7D7-45E2-AC19-96134B0294A2}) (Version: 5.1.1.3 - The Document Foundation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 de)) (Version: 52.3.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
PTGui Pro Trial 10.0.16 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F84598392DFD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2853533079-476395649-1961076433-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => J:\Utilities\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0325B509-3FAB-45EA-9383-4086B25A673F} - System32\Tasks\AdobeAAMUpdater-1.0-GG-PCTWO-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0F0EB497-BDCC-4115-8179-ADE1B2262017} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-KG096UT-GG => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {28E47642-F435-4B62-937D-988FDD2BB2EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {5D772E1E-5085-47A0-8BD4-9332FD622FC3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6EC57399-FF8F-42F9-909E-7D8ACB7A2EBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {8A2FE4AC-4C39-47B1-A2DB-7223587CA090} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-30] (Google Inc.)
Task: {B774F6C4-886B-459A-A400-1998C245CA2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {C99998D9-5347-4FC7-8CD3-EBD72B3D2221} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F68BFFA6-3E5D-438A-83B0-94A2EEE56C93} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Aktualisiere Anti-Beacon-Immunisierung => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {FBD29F96-88B6-4E49-B0F5-F0B18DC9CC3A} - System32\Tasks\ApplicationCompatibilitySupport => C:\Program Files (x86)\nodejs\node.exe [2017-05-02] (Node.js)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-17 13:32 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-31 11:47 - 2017-07-26 21:27 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2016-08-24 16:12 - 2012-01-20 14:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-08-24 16:12 - 2012-01-29 16:55 - 000657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2017-03-18 22:59 - 2017-03-19 04:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-22 17:37 - 2016-06-03 12:15 - 000278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-06-08 18:52 - 2017-06-08 18:52 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 20:40 - 2017-07-25 20:40 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 20:40 - 2017-07-25 20:40 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-17 13:32 - 2017-08-23 19:53 - 000028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-08-17 13:32 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-08-22 17:37 - 2016-06-03 12:13 - 000114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-08-22 17:37 - 2016-06-03 12:12 - 000021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2016-08-22 17:37 - 2015-12-10 06:04 - 000056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-08-07 21:58 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-07 21:58 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-22 17:37 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7936 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-08-22 12:48 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2853533079-476395649-1961076433-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2853533079-476395649-1961076433-1001\...\StartupApproved\Run: => "ZWVZGOYXKY.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E4058B2C-90A4-4FBB-8040-71347FFA5158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D47C938-6E02-4CA3-B609-369156CDF5B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5540ABAF-5ACB-4A71-ABCD-E191617BC01A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD407703-6F04-4427-B621-D7E4C9C39216}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BA8D9AD2-81DF-498F-B292-8B1E921D9012}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{85697F52-4741-4FE8-BA2B-5B8A7DA59F16}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [UDP Query User{877CE723-625E-4EE1-9320-1E8E41F66EF1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{FD0C7F03-4A48-4C14-9E17-591463B4145E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{4D38C258-E43B-43FD-B64F-07D78E03789D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7CC31B56-B0B5-43EF-8C17-57A2117062E2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{69DE9CFA-1EFC-48C3-87F5-0F67D3CA8623}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled
06-03-2017 15:23:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2017 05:09:59 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/23/2017 05:09:58 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (08/23/2017 07:53:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/23/2017 07:53:52 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/23/2017 05:03:20 PM) (Source: DCOM) (EventID: 10016) (User: GG-PCTWO)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user GG-PCTWO\GG SID (S-1-5-21-2853533079-476395649-1961076433-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/23/2017 05:03:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/23/2017 05:03:18 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/22/2017 07:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/22/2017 07:27:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/22/2017 07:27:46 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.

Error: (08/22/2017 04:01:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/22/2017 04:01:34 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at hxxp://go.microsoft.com/fwlink/?LinkId=245898.


CodeIntegrity:
===================================
  Date: 2017-08-22 14:39:31.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 14:39:31.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 14:39:31.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 14:39:31.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 13:46:20.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 13:46:20.759
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 13:46:20.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 13:46:20.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 14%
Total physical RAM: 16319.17 MB
Available physical RAM: 14025.21 MB
Total Virtual: 19263.17 MB
Available Virtual: 16950.65 MB

==================== Drives ================================

Drive c: (Win_10) (Fixed) (Total:95.55 GB) (Free:26.19 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:482.2 GB) NTFS
Drive h: (Working) (Fixed) (Total:620.12 GB) (Free:304.42 GB) NTFS
Drive i: (Photo) (Fixed) (Total:621.4 GB) (Free:217.8 GB) NTFS
Drive j: (Personal) (Fixed) (Total:621.5 GB) (Free:288.61 GB) NTFS
Drive s: (Win_8.1) (Fixed) (Total:125.96 GB) (Free:52.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C47C77E2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 26DEC96F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 360532BB)
Partition 1: (Not Active) - (Size=620.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=621.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=621.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 24.08.2017, 08:58   #10
M-K-D-B
/// TB-Ausbilder
 



Hi,

Quote:
# Mode: scan
I would like to see the log file of the removal run, not that of the scan. I also hope that you had set all the requested options.
Please post it. After that we will continue.

edit:
Another helper is taking over for me from here.

Last edited by M-K-D-B (26.08.2017 at 09:37)

Alt 28.08.2017, 21:05   #11
achkomm
 



Because of private commitments over the last few days I have not managed to reply, and I will post it soon (within the next few days). I hope this is okay.

Last time, the tips on removing and correctly installing Malwarebytes already helped.

Alt 29.08.2017, 17:56   #12
Larusso
/// Selecta Jahrusso
 



Hi.

I'll take over here.
When you have time, please also run FRST right away, as described above, and post those logs as well.
After several days without a reply, the old logs are of no use to me anymore.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie
