
Solved Received a creepy email demanding bitcoin, sent to me by my own email address with password quoted

Discussion in 'Malware and Virus Removal' started by Sheepdisease, 2018/10/07.

  1. 2018/10/07
    Sheepdisease

    I run Comodo Internet Security Pro 10 and was shocked to receive this email. I have done multiple scans using almost every conceivable scanner. I'm not finding anything notable and want to make sure there isn't anything on my PC. It looks like a scam, but I am not sure how they connected the password with the email address (which is for a custom domain, and isn't an email address I give out often). I am not the type of person to input personal details as part of a phishing scam, either by email or by visiting a link.

    Needless to say I have changed my passwords and enabled two-step authentication where possible.

    Could you please check my logs and tell me what you think? I have changed the username for protection.

    • FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
    Ran by User (administrator) on USER (06-10-2018 15:04:48)
    Running from A:\Downloads\Software\Security\FRST\scoped_dir15356_581
    Loaded Profiles: User (Available Profiles: User)
    Platform: Windows 10 Home Version 1803 17134.286 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
    (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
    (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera_crashreporter.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom Classic CC\Lightroom.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    () C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\MIDI2LR.lrplugin\MIDI2LR.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom Classic CC\Helpers\DynamicLinkSupport\dynamiclink\CS6\dynamiclinkmanager.exe
    (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom Classic CC\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\dynamiclinkmediaserver.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom Classic CC\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\32\Adobe QT32 Server.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\Makesoft\DuplicateFinder\MakesoftDuplicateFinder.exe
    (NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
    () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
    (The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Opera Software) C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (Farbar) A:\Downloads\Software\Security\FRST\scoped_dir15356_581\FRST64 (1).exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9274304 2018-05-23] (Realtek Semiconductor)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
    HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072376 2018-01-17] (COMODO)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1140016 2018-08-17] (Seagate Technology LLC)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2018-09-20] (Siber Systems)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3003344 2018-09-11] (NordVPN)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-07] (Piriform Ltd)
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Policies\Explorer: []
    IFEO\MicrosoftEdge.exe: [Debugger] /
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Display Tray.lnk [2017-09-28]
    ShortcutTarget: ColorMunki Display Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2017-09-28]
    ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
    Tcpip\..\Interfaces\{13cd5dcd-9b9e-4151-a552-17c1b1efa030}: [NameServer] 194.187.251.67,185.93.180.131
    Tcpip\..\Interfaces\{13cd5dcd-9b9e-4151-a552-17c1b1efa030}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{a28afacf-ca5b-4d20-9757-54fc2c306b30}: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{d47b7ffd-8b1a-493b-9037-30bc4cb7d7c9}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{ee013be9-627e-4020-8bbb-c5e3456f363c}: [DhcpNameServer] 192.168.138.1
    Tcpip\..\Interfaces\{f2251191-67c7-4c12-9675-c9c358ed6243}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fp-comodo&type=19_33090001005_63.0.3239.108_u_hp_sp
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-20] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-29] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-29] (Oracle Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-20] (Siber Systems Inc.)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-09-20] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-09-20] (Siber Systems Inc.)
    DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1470931812319
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2018-04-17] (Belarc, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)

    Edge:
    ======
    Edge Extension: (RoboForm) -> EdgeExtension_SiberSystemsIncRoboFormEdge_7kk3kr9e0p1np => C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.4.0_x86__7kk3kr9e0p1np [2018-08-22]

    FireFox:
    ========
    FF DefaultProfile: kdc2a3eg.default
    FF ProfilePath: C:\Users\User\AppData\Roaming\TomTom\HOME\Profiles\djev9dlw.default [2017-07-03]
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\SeaMonkey\Profiles\kdc2a3eg.default [2018-10-05]
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-29] (Oracle Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-29] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-29] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-14] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3028567812-2178505071-757855141-1001: @hola.org/FlashPlayer -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
    FF Plugin HKU\S-1-5-21-3028567812-2178505071-757855141-1001: @hola.org/vlc -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-09-21]
    OPR Extension: (AdGuard AdBlocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-09-28]
    OPR Extension: (AutoPagerize) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\caanjaclbeglpclhgjjkgnomicpnofad [2017-04-25]
    OPR Extension: (NordVPN Proxy Extension - Privacy & Security) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2018-09-25]
    OPR Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-10-02]
    OPR Extension: (Pandora Forever) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kekodenfelmbmoogcklckgnfeahojkkf [2018-09-09]
    OPR Extension: (Install Chrome Extensions) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-09-09]
    OPR Extension: (Boomerang for Gmail) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mbgokcbnfmmadbglaopglmoagkhgappp [2016-09-21]
    OPR Extension: (Mailto:) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgjoobbdmnhgaajdkppafadldfedplpj [2018-09-07]
    OPR Extension: (AdBlocker Ultimate) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pmpmnoinbkdojlnknogfeoagmhmhgakc [2018-09-18]
    OPR Extension: (RoboForm Password Manager) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2018-09-08]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
    S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO)
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.)
    S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-09-25] (Dropbox, Inc.)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-08-12] (CHENGDU YIWO Tech Development Co., Ltd)
    R2 EBC Client; C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe [93376 2016-08-12] ()
    S4 Everything; C:\Program Files\Everything\Everything.exe [2199656 2018-02-09] ()
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-05-03] (Intel Corporation)
    R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199544 2018-01-17] (COMODO)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-04-09] ()
    R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-09-11] ()
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-22] (NVIDIA Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [265664 2018-05-23] (Realtek Semiconductor)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [351784 2018-03-07] (Synaptics Incorporated)
    S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-04-09] ()
    R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [82952 2016-07-22] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)
    R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2016-08-15] (X-Rite Inc.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-09] (Intel® Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [56280 2017-05-26] (HP)
    S1 bcbuvmmq; C:\WINDOWS\system32\drivers\bcbuvmmq.sys [72816 2017-12-02] (Microsoft Corporation)
    R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2016-04-09] (Windows (R) Win 7 DDK provider)
    R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2018-02-02] (COMODO)
    R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [830448 2018-02-02] (COMODO)
    R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50768 2018-02-02] (COMODO)
    S3 DAdderFltr; C:\WINDOWS\system32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2016-08-12] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2016-08-12] () [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2016-08-12] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2016-08-12] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [130920 2017-08-04] (GenesysLogic)
    R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42272 2017-05-26] (HP)
    R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2016-07-22] (Hewlett-Packard Company)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136720 2018-05-15] (Intel Corporation)
    R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [127144 2016-12-16] (COMODO)
    R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-13] (COMODO)
    S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
    S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-04-12] (MediaTek Inc.)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3586072 2018-05-11] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_ec37b18c50b76ed9\nvlddmkm.sys [17195272 2018-06-02] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-06] (NVIDIA Corporation)
    R3 PdiPorts; C:\WINDOWS\System32\drivers\PdiPorts.sys [19248 2016-08-11] (Portrait Displays, Inc.)
    R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [34608 2017-09-27] (Audials AG)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024384 2018-04-29] (Realtek )
    S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-09-10] (Realsil Semiconductor Corporation)
    S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3222016 2017-01-06] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-12-18] (Synaptics Incorporated)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 tap0903; C:\WINDOWS\System32\drivers\tap0903.sys [39424 2015-08-24] (The OpenVPN Project)
    S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2018-07-31] (The OpenVPN Project)
    S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-10] (Anchorfree Inc.)
    R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (The OpenVPN Project)
    S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [59760 2016-08-11] (The OpenVPN Project)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
    R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2016-07-09] (Nicomsoft Ltd.)
    R2 WinI2C-DDC; C:\WINDOWS\SysWOW64\drivers\DDCDrv.sys [10240 2017-04-05] (Nicomsoft Ltd.) [File not signed]
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)

    ========================== Drivers MD5 =======================

    C:\WINDOWS\System32\drivers\condrv.sys 3799A9DFB162D9AAD6AC12CB8185FD19
    C:\WINDOWS\system32\drivers\dadder.sys FBCB29A76E8105D682B02C69BA9B5C22
    C:\WINDOWS\System32\drivers\dam.sys 8711386E9B04357F8F58166760759F3A
    C:\WINDOWS\System32\Drivers\dfsc.sys 8A1C10410FDA4287A76EC5A64371E221
    C:\WINDOWS\system32\DRIVERS\ssudbus.sys 5F78930AAB3900102EA8ACDD38F97324
    C:\WINDOWS\System32\drivers\disk.sys A79FCB89805FA9EA9F48B671A4591D4E
    C:\WINDOWS\System32\drivers\dmvsc.sys F69D7A5D7EDEE16B85F08040836FB09C
    C:\WINDOWS\System32\drivers\drmkaud.sys AD1BEFBF96C0273925EDC9282557D984
    C:\WINDOWS\System32\drivers\dxgkrnl.sys 8EC28D640F768EBFA543E1C87BF4D93B
    C:\WINDOWS\System32\drivers\evbda.sys 75CA88887850A74DDAAAF92500B6D9B9
    C:\WINDOWS\System32\drivers\EhStorClass.sys 7E838D857FC55535710C316441459C38
    C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 49023DD6F646B8C70AE1C105415F3E2B
    C:\WINDOWS\System32\drivers\errdev.sys 1DF19D7A941CB06F8EADF89FA0BF59AD
    C:\WINDOWS\System32\drivers\eubakup.sys 83EF0C33B56360761AE2DDB86E47B2E8
    C:\WINDOWS\System32\drivers\EUBKMON.sys CCF2072C27B5F84447A0829014C43760
    C:\WINDOWS\system32\drivers\eudskacs.sys 44A0838432C8A31A5D6CBE0BF348CED6
    C:\WINDOWS\system32\drivers\EuFdDisk.sys D05585505CB20235E7C665158464551D
    C:\Windows\System32\Drivers\exfat.sys D31158A3876110ABAC5E479B49661140
    C:\Windows\System32\Drivers\fastfat.sys F1FBBADF0D7F4B6D56E3202C987BA525
    C:\WINDOWS\System32\drivers\fdc.sys 6701B9973DE98578A491721B4BDE0926
    C:\WINDOWS\System32\drivers\filecrypt.sys 9BC7FE262AF52B341048234809AA7D91
     
    Last edited: 2018/10/07
  2. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    Joined:
    2018/10/07
    Messages:
    16
    Likes Received:
    0

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-06 13:11 - 2018-10-06 13:11 - 000000000 ____D C:\Users\User\AppData\Roaming\Gstarsoft
    2018-10-06 13:11 - 2018-10-06 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GstarSoft
    2018-10-06 13:11 - 2018-10-06 13:11 - 000000000 ____D C:\Program Files\Common Files\Gstarsoft
    2018-10-06 13:10 - 2018-10-06 13:10 - 000000000 ____D C:\Program Files\Gstarsoft
    2018-10-05 15:42 - 2018-10-05 15:42 - 002612480 _____ C:\WINDOWS\SysWOW64\StopService.exe
    2018-10-05 14:39 - 2018-10-05 15:04 - 002384636 _____ C:\TDSSKiller.3.1.0.17_05.10.2018_14.39.56_log.txt
    2018-10-04 23:59 - 2018-10-05 14:35 - 000230672 _____ C:\TDSSKiller.3.1.0.17_04.10.2018_23.59.41_log.txt
    2018-10-03 21:33 - 2018-10-03 21:33 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
    2018-10-03 21:32 - 2018-10-03 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-10-03 21:32 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-10-03 15:09 - 2018-10-03 15:09 - 000000000 ____D C:\Program Files\HitmanPro
    2018-10-03 11:47 - 2018-10-05 15:50 - 000000000 ____D C:\ProgramData\TEMP
    2018-10-03 11:47 - 2018-10-03 11:49 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
    2018-10-03 11:47 - 2018-10-03 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2018-10-03 11:47 - 2012-05-02 12:17 - 001070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
    2018-10-03 11:47 - 2009-03-24 13:52 - 000129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
    2018-10-03 10:52 - 2018-10-03 16:55 - 000000000 ____D C:\ProgramData\HitmanPro
    2018-10-03 10:51 - 2018-10-03 10:51 - 000000000 ____D C:\Program Files (x86)\ESET
    2018-10-03 09:19 - 2018-10-03 09:19 - 000000000 ____D C:\ProgramData\Sophos
    2018-10-03 09:10 - 2018-10-03 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2018-10-03 09:09 - 2018-10-03 09:09 - 000000000 ____D C:\Program Files (x86)\Sophos
    2018-10-03 09:05 - 2018-10-03 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-10-03 09:04 - 2018-10-03 09:05 - 000000000 ____D C:\Program Files\RogueKiller
    2018-10-03 08:57 - 2018-10-06 15:04 - 000000000 ____D C:\FRST
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2018-10-03 05:08 - 2018-10-03 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2018-10-02 23:26 - 2018-10-02 23:37 - 000197000 _____ C:\TDSSKiller.3.1.0.17_02.10.2018_23.26.52_log.txt
    2018-10-02 23:16 - 2018-10-02 23:22 - 000000000 ____D C:\AdwCleaner
    2018-10-02 22:46 - 2018-10-02 22:46 - 000000000 ____D C:\SUPERDelete
    2018-10-02 22:42 - 2018-10-02 22:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
    2018-10-02 22:41 - 2018-10-02 22:42 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-10-02 22:41 - 2018-10-02 22:41 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-10-02 22:41 - 2018-10-02 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2018-10-02 14:10 - 2018-10-02 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\JAM Software
    2018-10-02 13:54 - 2018-10-02 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
    2018-10-02 13:54 - 2018-10-02 13:54 - 000000000 ____D C:\Program Files\JAM Software
    2018-09-30 07:15 - 2018-09-30 07:15 - 000000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 2019.lnk
    2018-09-30 04:28 - 2018-09-30 04:28 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    2018-09-30 04:28 - 2018-09-30 04:28 - 000000000 ____D C:\Program Files (x86)\Belarc
    2018-09-28 22:03 - 2018-09-28 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2018-09-28 08:10 - 2018-09-28 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2018-09-25 22:26 - 2018-09-04 23:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2018-09-25 21:22 - 2018-09-25 21:23 - 000000000 ____D C:\Users\User\AppData\Local\NordVPN
    2018-09-25 21:22 - 2018-09-25 21:23 - 000000000 ____D C:\ProgramData\NordVpn
    2018-09-25 21:22 - 2018-09-25 21:22 - 000000000 ____D C:\ProgramData\Caphyon
    2018-09-25 21:21 - 2018-09-25 21:22 - 000000000 ____D C:\Program Files (x86)\NordVPN
    2018-09-25 21:20 - 2018-09-25 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
    2018-09-25 21:19 - 2018-09-25 21:19 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
    2018-09-25 12:52 - 2018-09-25 12:52 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2018-09-25 12:52 - 2018-09-25 12:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2018-09-25 12:52 - 2018-09-25 12:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2018-09-25 12:52 - 2018-09-25 12:52 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2018-09-24 21:39 - 2018-09-24 21:39 - 000000000 ____D C:\Users\User\AppData\Local\ExpressVPN
    2018-09-20 01:37 - 2018-09-20 01:37 - 000000000 ____D C:\Program Files\iPod
    2018-09-20 01:36 - 2018-09-20 01:37 - 000000000 ____D C:\Program Files\iTunes
    2018-09-18 07:47 - 2018-09-15 09:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-09-18 07:47 - 2018-09-15 09:32 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-09-18 07:47 - 2018-09-15 03:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-09-18 07:47 - 2018-09-15 03:16 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-09-18 07:47 - 2018-08-31 07:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-09-18 07:47 - 2018-08-31 04:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-09-18 07:47 - 2018-08-31 04:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-09-18 07:47 - 2018-08-31 04:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-09-18 07:47 - 2018-08-31 04:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-09-18 07:47 - 2018-08-31 04:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2018-09-18 07:47 - 2018-08-31 04:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-09-18 07:47 - 2018-08-31 04:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-09-18 07:47 - 2018-08-31 04:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-09-18 07:47 - 2018-08-31 04:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-09-18 07:47 - 2018-08-09 10:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-09-18 07:47 - 2018-08-09 10:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2018-09-18 07:47 - 2018-08-09 10:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-09-18 07:47 - 2018-08-09 09:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-09-18 07:47 - 2018-08-09 09:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-09-18 07:47 - 2018-08-09 09:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-09-18 07:47 - 2018-08-09 09:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-09-18 07:47 - 2018-08-09 05:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-09-18 07:47 - 2018-08-09 05:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-09-18 07:47 - 2018-08-09 05:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-09-18 07:47 - 2018-08-09 05:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-09-18 07:47 - 2018-08-09 05:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-09-18 07:47 - 2018-08-09 05:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-09-18 07:47 - 2018-08-09 05:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2018-09-18 07:47 - 2018-08-09 05:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-09-18 07:47 - 2018-08-09 05:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2018-09-18 07:46 - 2018-09-15 09:31 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-09-18 07:46 - 2018-09-15 03:57 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-09-18 07:46 - 2018-09-15 03:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-09-18 07:46 - 2018-09-15 03:51 - 001220920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-09-18 07:46 - 2018-09-15 03:50 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-09-18 07:46 - 2018-09-15 03:50 - 000567080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-09-18 07:46 - 2018-09-15 03:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-09-18 07:46 - 2018-09-15 03:49 - 009090064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-09-18 07:46 - 2018-09-15 03:49 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-09-18 07:46 - 2018-09-15 03:49 - 001097760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-09-18 07:46 - 2018-09-15 03:48 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-09-18 07:46 - 2018-09-15 03:48 - 000713504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-09-18 07:46 - 2018-09-15 03:33 - 006567984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-09-18 07:46 - 2018-09-15 03:33 - 001129760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-09-18 07:46 - 2018-09-15 03:33 - 000567280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-09-18 07:46 - 2018-09-15 03:33 - 000357064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2018-09-18 07:46 - 2018-09-15 03:20 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-09-18 07:46 - 2018-09-15 03:19 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-09-18 07:46 - 2018-09-15 03:17 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-09-18 07:46 - 2018-08-31 08:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-09-18 07:46 - 2018-08-31 08:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-09-18 07:46 - 2018-08-31 08:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-09-18 07:46 - 2018-08-31 07:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-09-18 07:46 - 2018-08-31 04:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-09-18 07:46 - 2018-08-31 04:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-09-18 07:46 - 2018-08-31 04:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-09-18 07:46 - 2018-08-31 04:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-09-18 07:46 - 2018-08-31 04:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-09-18 07:46 - 2018-08-31 04:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-09-18 07:46 - 2018-08-31 04:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-09-18 07:46 - 2018-08-31 04:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-09-18 07:46 - 2018-08-31 04:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-09-18 07:46 - 2018-08-31 04:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-09-18 07:46 - 2018-08-31 04:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-09-18 07:46 - 2018-08-31 04:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-09-18 07:46 - 2018-08-31 04:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-09-18 07:46 - 2018-08-31 04:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-09-18 07:46 - 2018-08-31 04:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-09-18 07:46 - 2018-08-31 04:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-09-18 07:46 - 2018-08-31 04:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-09-18 07:46 - 2018-08-31 04:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-09-18 07:46 - 2018-08-31 04:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-09-18 07:46 - 2018-08-31 04:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-09-18 07:46 - 2018-08-31 04:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
    2018-09-18 07:46 - 2018-08-31 04:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-09-18 07:46 - 2018-08-31 04:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-09-18 07:46 - 2018-08-31 04:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-09-18 07:46 - 2018-08-31 04:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-09-18 07:46 - 2018-08-31 04:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-09-18 07:46 - 2018-08-31 04:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-09-18 07:46 - 2018-08-31 04:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-09-18 07:46 - 2018-08-31 04:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-09-18 07:46 - 2018-08-31 04:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-09-18 07:46 - 2018-08-31 04:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-09-18 07:46 - 2018-08-31 04:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-09-18 07:46 - 2018-08-31 04:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-09-18 07:46 - 2018-08-31 04:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-09-18 07:46 - 2018-08-28 08:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-09-18 07:46 - 2018-08-28 07:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-09-18 07:46 - 2018-08-28 07:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-09-18 07:46 - 2018-08-28 07:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
    2018-09-18 07:46 - 2018-08-28 06:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-09-18 07:46 - 2018-08-14 03:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2018-09-18 07:46 - 2018-08-09 10:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-09-18 07:46 - 2018-08-09 10:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-09-18 07:46 - 2018-08-09 10:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-09-18 07:46 - 2018-08-09 10:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-09-18 07:46 - 2018-08-09 10:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-09-18 07:46 - 2018-08-09 10:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-09-18 07:46 - 2018-08-09 10:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-09-18 07:46 - 2018-08-09 10:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-09-18 07:46 - 2018-08-09 10:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-09-18 07:46 - 2018-08-09 10:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-09-18 07:46 - 2018-08-09 10:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-09-18 07:46 - 2018-08-09 10:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2018-09-18 07:46 - 2018-08-09 09:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-09-18 07:46 - 2018-08-09 09:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-09-18 07:46 - 2018-08-09 09:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-09-18 07:46 - 2018-08-09 09:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-09-18 07:46 - 2018-08-09 09:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-09-18 07:46 - 2018-08-09 09:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2018-09-18 07:46 - 2018-08-09 09:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-09-18 07:46 - 2018-08-09 09:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-09-18 07:46 - 2018-08-09 09:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-09-18 07:46 - 2018-08-09 06:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-09-18 07:46 - 2018-08-09 05:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-09-18 07:46 - 2018-08-09 05:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-09-18 07:46 - 2018-08-09 05:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-09-18 07:46 - 2018-08-09 05:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-09-18 07:46 - 2018-08-09 05:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-09-18 07:46 - 2018-08-09 05:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
    2018-09-18 07:46 - 2018-08-09 05:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-09-18 07:46 - 2018-08-09 05:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-09-18 07:46 - 2018-08-09 05:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-09-18 07:46 - 2018-08-09 05:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-09-18 07:46 - 2018-08-09 05:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-09-18 07:46 - 2018-08-09 05:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-09-18 07:46 - 2018-08-09 05:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2018-09-18 07:46 - 2018-08-09 05:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-09-18 07:46 - 2018-08-09 05:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-09-18 07:46 - 2018-08-09 05:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-09-18 07:46 - 2018-08-09 05:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-09-18 07:46 - 2018-08-09 05:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2018-09-18 07:46 - 2018-08-09 05:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-09-18 07:46 - 2018-08-09 05:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-09-18 07:46 - 2018-08-09 05:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-09-18 07:46 - 2018-08-09 05:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-09-18 07:46 - 2018-08-09 05:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-09-18 07:46 - 2018-08-09 05:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-09-18 07:46 - 2018-08-09 05:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-09-18 07:46 - 2018-08-09 05:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-09-18 07:46 - 2018-08-09 05:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2018-09-18 07:46 - 2018-08-09 05:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-09-18 07:46 - 2018-08-09 05:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-09-18 07:46 - 2018-08-09 05:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-09-18 07:45 - 2018-09-15 03:51 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-09-18 07:45 - 2018-09-15 03:33 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-09-18 07:45 - 2018-09-15 01:59 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-09-18 07:45 - 2018-08-31 08:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-09-18 07:45 - 2018-08-31 08:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-09-18 07:45 - 2018-08-31 08:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-09-18 07:45 - 2018-08-31 08:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2018-09-18 07:45 - 2018-08-31 08:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2018-09-18 07:45 - 2018-08-31 08:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
    2018-09-18 07:45 - 2018-08-31 08:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2018-09-18 07:45 - 2018-08-31 08:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-09-18 07:45 - 2018-08-31 08:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2018-09-18 07:45 - 2018-08-31 08:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-09-18 07:45 - 2018-08-31 08:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2018-09-18 07:45 - 2018-08-31 07:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-09-18 07:45 - 2018-08-31 07:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-09-18 07:45 - 2018-08-31 07:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2018-09-18 07:45 - 2018-08-31 07:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
    2018-09-18 07:45 - 2018-08-31 07:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-09-18 07:45 - 2018-08-31 07:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2018-09-18 07:45 - 2018-08-31 04:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2018-09-18 07:45 - 2018-08-31 04:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
    2018-09-18 07:45 - 2018-08-31 04:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-09-18 07:45 - 2018-08-31 04:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2018-09-18 07:45 - 2018-08-31 04:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2018-09-18 07:45 - 2018-08-31 04:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
    2018-09-18 07:45 - 2018-08-31 04:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2018-09-18 07:45 - 2018-08-31 04:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
    2018-09-18 07:45 - 2018-08-31 04:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2018-09-18 07:45 - 2018-08-31 04:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-09-18 07:45 - 2018-08-31 04:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
    2018-09-18 07:45 - 2018-08-31 04:11 - 001057792 _____ (Microsoft Corporation)
     


  4. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    Joined:
    2018/10/07
    Messages:
    16
    Likes Received:
    0
    C:\WINDOWS\system32\SearchIndexer.exe
    2018-09-18 07:45 - 2018-08-31 04:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-09-18 07:45 - 2018-08-31 04:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-09-18 07:45 - 2018-08-31 04:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-09-18 07:45 - 2018-08-31 04:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-09-18 07:45 - 2018-08-31 04:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2018-09-18 07:45 - 2018-08-31 04:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-09-18 07:45 - 2018-08-31 04:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-09-18 07:45 - 2018-08-31 04:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-09-18 07:45 - 2018-08-31 04:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-09-18 07:45 - 2018-08-28 07:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2018-09-18 07:45 - 2018-08-14 03:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2018-09-18 07:45 - 2018-08-09 10:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2018-09-18 07:45 - 2018-08-09 10:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-09-18 07:45 - 2018-08-09 10:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-09-18 07:45 - 2018-08-09 10:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2018-09-18 07:45 - 2018-08-09 10:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
    2018-09-18 07:45 - 2018-08-09 10:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
    2018-09-18 07:45 - 2018-08-09 10:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2018-09-18 07:45 - 2018-08-09 10:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
    2018-09-18 07:45 - 2018-08-09 10:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
    2018-09-18 07:45 - 2018-08-09 10:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-09-18 07:45 - 2018-08-09 10:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2018-09-18 07:45 - 2018-08-09 10:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2018-09-18 07:45 - 2018-08-09 10:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2018-09-18 07:45 - 2018-08-09 10:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-09-18 07:45 - 2018-08-09 09:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-09-18 07:45 - 2018-08-09 09:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
    2018-09-18 07:45 - 2018-08-09 09:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
    2018-09-18 07:45 - 2018-08-09 09:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
    2018-09-18 07:45 - 2018-08-09 09:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2018-09-18 07:45 - 2018-08-09 09:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2018-09-18 07:45 - 2018-08-09 09:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2018-09-18 07:45 - 2018-08-09 06:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2018-09-18 07:45 - 2018-08-09 05:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-09-18 07:45 - 2018-08-09 05:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-09-18 07:45 - 2018-08-09 05:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2018-09-18 07:45 - 2018-08-09 05:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
    2018-09-18 07:45 - 2018-08-09 05:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2018-09-18 07:45 - 2018-08-09 05:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
    2018-09-18 07:45 - 2018-08-09 05:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
    2018-09-18 07:45 - 2018-08-09 05:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
    2018-09-18 07:45 - 2018-08-09 05:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2018-09-18 07:45 - 2018-08-09 05:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-09-18 07:45 - 2018-08-09 05:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
    2018-09-18 07:45 - 2018-08-09 05:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
    2018-09-18 07:45 - 2018-08-09 05:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
    2018-09-18 07:45 - 2018-08-09 05:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-09-18 07:45 - 2018-08-09 05:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2018-09-18 07:45 - 2018-08-09 05:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2018-09-18 07:45 - 2018-08-09 05:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2018-09-18 07:45 - 2018-08-09 05:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2018-09-18 07:45 - 2018-08-09 05:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
    2018-09-18 07:45 - 2018-08-09 05:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
    2018-09-18 07:45 - 2018-08-09 05:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-09-18 07:45 - 2018-08-09 05:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2018-09-18 07:45 - 2018-08-09 05:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
    2018-09-18 07:45 - 2018-08-09 05:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
    2018-09-18 07:45 - 2018-08-09 05:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2018-09-18 07:45 - 2018-08-09 05:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2018-09-18 07:45 - 2018-08-09 04:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-09-18 07:45 - 2018-08-09 04:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
    2018-09-06 21:09 - 2018-09-30 04:44 - 000000000 ____D C:\Program Files (x86)\CCleaner
    2018-09-06 21:04 - 2018-09-06 21:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2018-09-06 20:50 - 2018-09-19 06:25 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-09-06 20:50 - 2018-09-06 21:04 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-09-06 19:16 - 2018-09-24 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost
    2018-09-05 23:16 - 2018-09-05 23:16 - 000000000 ____D C:\WINDOWS\Panther
    2018-09-05 21:57 - 2018-09-05 21:57 - 000000000 ____D C:\Users\User\AppData\Local\mbam
    2018-09-05 21:55 - 2018-09-05 21:55 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-09-05 19:56 - 2018-10-05 07:41 - 000002516 _____ C:\WINDOWS\System32\Tasks\Chameleon Folder-User
    2018-09-05 19:56 - 2018-09-05 23:15 - 000000000 ____D C:\Program Files (x86)\Chameleon Explorer
    2018-09-05 19:54 - 2018-09-05 22:43 - 000000000 ____D C:\Program Files (x86)\Freez
    2018-09-05 11:29 - 2018-09-05 11:29 - 000096397 _____ C:\WINDOWS\uninstaller.dat
    2018-09-04 20:48 - 2018-09-04 20:48 - 000000000 ____D C:\Users\User\AppData\Local\GMap.NET
    2018-09-04 20:47 - 2018-09-30 04:43 - 000000000 ____D C:\Users\User\AppData\Roaming\Acrylic Wi-Fi HeatMaps
    2018-09-04 20:47 - 2018-09-30 04:43 - 000000000 ____D C:\Program Files\Acrylic Wi-Fi HeatMaps
    2018-09-04 08:02 - 2018-09-04 08:02 - 000000000 ____D C:\Users\User\AppData\Local\Plex Media Server
    2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll
    2018-08-20 08:08 - 2018-08-03 04:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
    2018-08-20 08:08 - 2018-08-03 04:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2018-08-20 08:08 - 2018-08-03 04:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2018-08-20 08:08 - 2018-08-03 04:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-08-20 08:08 - 2018-08-03 04:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
    2018-08-20 08:08 - 2018-08-03 04:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
    2018-08-20 08:08 - 2018-08-03 04:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2018-08-20 08:08 - 2018-08-03 04:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
    2018-08-20 08:08 - 2018-08-03 04:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
    2018-08-20 08:08 - 2018-08-03 04:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-08-20 08:08 - 2018-08-03 04:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-08-20 08:08 - 2018-08-03 04:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-08-20 08:08 - 2018-07-15 01:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-08-20 08:08 - 2018-07-15 01:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-08-20 08:08 - 2018-07-14 05:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-08-20 08:08 - 2018-07-14 05:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2018-08-20 08:08 - 2018-07-14 04:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-08-20 08:08 - 2018-07-14 04:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
    2018-08-20 08:08 - 2018-07-14 04:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2018-08-20 08:08 - 2018-07-14 04:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2018-08-20 08:08 - 2018-07-14 04:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-08-20 08:08 - 2018-07-14 04:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
    2018-08-20 08:08 - 2018-07-14 04:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2018-08-20 08:08 - 2018-07-14 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-08-20 08:08 - 2018-07-14 04:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2018-08-20 08:08 - 2018-07-14 04:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2018-08-20 08:08 - 2018-07-14 04:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2018-08-20 08:08 - 2018-07-14 04:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
    2018-08-20 08:08 - 2018-07-14 04:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-08-20 08:08 - 2018-07-14 04:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-08-20 08:08 - 2018-07-14 04:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-08-20 08:08 - 2018-07-14 04:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
    2018-08-20 08:08 - 2018-07-14 04:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2018-08-20 08:08 - 2018-07-14 04:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2018-08-20 08:08 - 2018-07-14 04:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-08-20 08:08 - 2018-07-14 04:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-08-20 08:07 - 2018-08-03 09:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-08-20 08:07 - 2018-08-03 09:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-08-20 08:07 - 2018-08-03 09:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-08-20 08:07 - 2018-08-03 09:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2018-08-20 08:07 - 2018-08-03 09:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    2018-08-20 08:07 - 2018-08-03 09:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2018-08-20 08:07 - 2018-08-03 09:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-08-20 08:07 - 2018-08-03 09:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-08-20 08:07 - 2018-08-03 04:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-08-20 08:07 - 2018-08-03 04:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
    2018-08-20 08:07 - 2018-08-03 04:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-08-20 08:07 - 2018-08-03 04:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2018-08-20 08:07 - 2018-08-03 04:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-08-20 08:07 - 2018-08-03 04:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
    2018-08-20 08:07 - 2018-08-03 04:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-08-20 08:07 - 2018-08-03 04:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2018-08-20 08:07 - 2018-08-03 04:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2018-08-20 08:07 - 2018-08-03 04:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-08-20 08:07 - 2018-08-03 04:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-08-20 08:07 - 2018-08-03 04:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-08-20 08:07 - 2018-07-15 01:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-08-20 08:07 - 2018-07-15 01:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-08-20 08:07 - 2018-07-15 01:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2018-08-20 08:07 - 2018-07-15 01:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2018-08-20 08:07 - 2018-07-15 01:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
    2018-08-20 08:07 - 2018-07-15 01:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-08-20 08:07 - 2018-07-14 05:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-08-20 08:07 - 2018-07-14 05:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2018-08-20 08:07 - 2018-07-14 05:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2018-08-20 08:07 - 2018-07-14 05:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2018-08-20 08:07 - 2018-07-14 05:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2018-08-20 08:07 - 2018-07-14 05:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-08-20 08:07 - 2018-07-14 05:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2018-08-20 08:07 - 2018-07-14 05:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-08-20 08:07 - 2018-07-14 05:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-08-20 08:07 - 2018-07-14 04:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-08-20 08:07 - 2018-07-14 04:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-08-20 08:07 - 2018-07-14 04:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-08-20 08:07 - 2018-07-14 04:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-08-20 08:07 - 2018-07-14 04:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2018-08-20 08:07 - 2018-07-14 04:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2018-08-20 08:07 - 2018-07-14 04:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2018-08-20 08:07 - 2018-07-14 04:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2018-08-20 08:07 - 2018-07-14 04:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-08-20 08:07 - 2018-07-14 04:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2018-08-20 08:07 - 2018-07-14 04:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2018-08-20 08:07 - 2018-07-14 04:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2018-08-20 08:07 - 2018-07-14 04:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-08-20 08:07 - 2018-07-14 04:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2018-08-20 08:07 - 2018-07-14 04:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2018-08-20 08:07 - 2018-07-14 04:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-08-20 08:07 - 2018-07-14 04:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2018-08-20 08:07 - 2018-07-14 04:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2018-08-20 08:07 - 2018-07-14 04:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-08-20 08:07 - 2018-07-14 04:49 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2018-08-20 08:07 - 2018-07-14 04:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-08-20 08:06 - 2018-08-03 08:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-08-20 08:06 - 2018-08-03 08:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-08-20 08:06 - 2018-08-03 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2018-08-20 08:06 - 2018-08-03 08:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
    2018-08-20 08:06 - 2018-08-03 08:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2018-08-20 08:06 - 2018-08-03 08:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-08-20 08:06 - 2018-08-03 04:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
    2018-08-20 08:06 - 2018-08-03 04:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2018-08-20 08:06 - 2018-08-03 04:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
    2018-08-20 08:06 - 2018-08-03 04:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-08-20 08:06 - 2018-08-03 04:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-08-20 08:06 - 2018-08-03 04:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-08-20 08:06 - 2018-07-15 00:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-08-20 08:06 - 2018-07-15 00:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-08-20 08:06 - 2018-07-15 00:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2018-08-20 08:06 - 2018-07-14 07:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-08-20 08:06 - 2018-07-14 05:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2018-08-20 08:06 - 2018-07-14 04:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
    2018-08-20 08:06 - 2018-07-14 04:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-08-20 08:06 - 2018-07-14 04:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-08-20 08:06 - 2018-07-14 04:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2018-08-20 08:06 - 2018-07-14 04:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
    2018-08-20 08:06 - 2018-07-14 04:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2018-08-20 08:06 - 2018-07-14 04:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2018-08-20 08:06 - 2018-07-14 04:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2018-08-20 08:05 - 2018-08-03 04:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2018-08-20 08:05 - 2018-08-03 04:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2018-08-20 08:05 - 2018-07-14 05:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2018-08-20 08:05 - 2018-07-14 05:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2018-08-20 08:05 - 2018-07-14 05:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2018-08-20 08:05 - 2018-07-14 05:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-08-20 08:05 - 2018-07-14 05:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2018-08-20 08:05 - 2018-07-14 05:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-08-20 08:05 - 2018-07-14 05:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2018-08-20 08:05 - 2018-07-14 05:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-08-20 08:05 - 2018-07-14 05:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2018-08-20 08:05 - 2018-07-14 05:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-08-20 08:05 - 2018-07-14 04:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2018-08-20 08:05 - 2018-07-14 04:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-08-20 08:05 - 2018-07-14 04:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2018-08-20 08:05 - 2018-07-14 04:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2018-08-20 08:05 - 2018-07-14 04:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2018-08-20 08:05 - 2018-07-14 04:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-08-20 08:05 - 2018-07-14 04:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
    2018-08-20 08:05 - 2018-07-14 04:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2018-07-31 22:28 - 2018-07-31 22:28 - 000045024 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
    2018-07-27 06:37 - 2018-07-27 06:37 - 000000000 ____D C:\Users\User\AppData\Roaming\WinBatch
    2018-07-25 20:14 - 2018-07-25 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ScreenToGif
    2018-07-25 20:13 - 2018-07-25 21:16 - 000000000 ____D C:\Program Files (x86)\ScreenToGif
    2018-07-25 20:13 - 2018-07-25 20:13 - 000001079 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScreenToGif.lnk
    2018-07-24 15:50 - 2018-07-24 15:50 - 000044896 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapnordvpn.sys
    2018-07-22 05:32 - 2018-07-22 05:32 - 000000000 ____D C:\Users\User\AppData\Local\LyricsFetcher
    2018-07-22 04:13 - 2018-07-22 04:13 - 000000000 ____D C:\Users\User\AppData\Local\SourceForge,_Inc
    2018-07-22 04:04 - 2018-07-22 04:04 - 000000000 ____D C:\Users\User\AppData\Roaming\iTSfv
    2018-07-22 04:03 - 2018-07-22 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetaONE
    2018-07-22 04:03 - 2018-07-22 04:03 - 000000000 ____D C:\Program Files (x86)\iTSfv
    2018-07-21 21:02 - 2018-09-06 21:40 - 000000000 ____D C:\Strawberry
    2018-07-20 18:53 - 2018-07-20 18:53 - 000000000 ____D C:\Users\User\AppData\Roaming\FlacSquisher
    2018-07-18 22:46 - 2018-10-04 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-07-18 22:27 - 2018-07-18 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2018-07-15 05:54 - 2018-07-15 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\XnViewMP
    2018-07-15 05:54 - 2018-07-15 05:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
    2018-07-15 05:53 - 2018-07-15 05:54 - 000000000 ____D C:\Program Files\XnViewMP
    2018-07-14 06:20 - 2018-07-14 06:20 - 000000258 __RSH C:\Users\User\ntuser.pol
    2018-07-13 22:44 - 2018-07-14 06:56 - 000000000 ____D C:\Program Files\Remo Duplicate Photos Remover 1.0
    2018-07-13 22:44 - 2018-07-13 22:44 - 000000000 ____D C:\Users\User\AppData\Roaming\Remo
    2018-07-13 22:44 - 2018-07-13 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Duplicate Photos Remover
    2018-07-13 22:19 - 2018-07-13 22:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Ashisoft
    2018-07-13 22:19 - 2018-07-13 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder
    2018-07-13 22:19 - 2018-07-13 22:19 - 000000000 ____D C:\Program Files (x86)\Duplicate Photo Finder
    2018-07-13 21:35 - 2018-07-06 15:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-07-13 21:35 - 2018-07-06 15:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-07-13 21:35 - 2018-07-06 15:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-07-13 21:35 - 2018-07-06 15:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-07-13 21:35 - 2018-07-06 15:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2018-07-13 21:35 - 2018-07-06 14:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
    2018-07-13 21:35 - 2018-07-06 14:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-07-13 21:35 - 2018-07-06 14:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-07-13 21:35 - 2018-07-06 12:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-07-13 21:35 - 2018-07-06 08:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-07-13 21:35 - 2018-07-06 08:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-07-13 21:35 - 2018-07-06 08:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-07-13 21:35 - 2018-07-06 08:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
    2018-07-13 21:35 - 2018-07-06 08:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2018-07-13 21:35 - 2018-07-06 08:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-07-13 21:35 - 2018-07-06 08:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2018-07-13 21:35 - 2018-07-06 08:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-07-13 21:35 - 2018-07-06 08:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-07-13 21:35 - 2018-07-06 08:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-07-13 21:35 - 2018-07-06 08:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-07-13 21:35 - 2018-07-06 08:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2018-07-13 21:35 - 2018-07-06 08:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2018-07-13 21:35 - 2018-07-06 08:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
    2018-07-13 21:35 - 2018-07-06 08:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2018-07-13 21:35 - 2018-07-06 07:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
    2018-07-13 21:35 - 2018-07-06 07:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
    2018-07-13 21:35 - 2018-07-06 07:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2018-07-13 21:35 - 2018-07-06 07:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
    2018-07-13 21:35 - 2018-07-06 07:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2018-07-13 21:35 - 2018-07-06 07:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
    2018-07-13 21:35 - 2018-07-06 07:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
    2018-07-13 21:35 - 2018-07-06 07:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-07-13 21:35 - 2018-07-06 07:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
    2018-07-13 21:35 - 2018-07-06 07:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
    2018-07-13 21:35 - 2018-07-06 07:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-07-13 21:35 - 2018-07-06 07:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-07-13 21:35 - 2018-07-06 07:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2018-07-13 21:35 - 2018-07-06 07:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-07-13 21:35 - 2018-07-06 07:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2018-07-13 21:35 - 2018-07-06 07:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2018-07-13 21:35 - 2018-07-06 07:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
    2018-07-13 21:35 - 2018-07-06 07:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2018-07-13 21:35 - 2018-06-15 18:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
     
  5. 2018/10/07
    Sheepdisease

    2018-07-13 21:35 - 2018-06-15 18:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-07-13 21:35 - 2018-06-15 18:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2018-07-13 21:35 - 2018-06-15 18:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
    2018-07-13 21:35 - 2018-06-15 18:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
    2018-07-13 21:35 - 2018-06-15 18:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
    2018-07-13 21:35 - 2018-06-15 18:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2018-07-13 21:35 - 2018-06-15 18:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2018-07-13 21:35 - 2018-06-15 18:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2018-07-13 21:35 - 2018-06-15 18:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
    2018-07-13 21:35 - 2018-06-15 18:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
    2018-07-13 21:35 - 2018-06-15 18:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-07-13 21:35 - 2018-06-15 18:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2018-07-13 21:35 - 2018-06-15 18:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-07-13 21:35 - 2018-06-15 18:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
    2018-07-13 21:35 - 2018-06-15 18:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2018-07-13 21:35 - 2018-06-15 18:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2018-07-13 21:35 - 2018-06-15 18:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
    2018-07-13 21:35 - 2018-06-15 16:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-07-13 21:35 - 2018-06-15 16:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
    2018-07-13 21:35 - 2018-06-15 16:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
    2018-07-13 21:35 - 2018-06-15 16:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2018-07-13 21:35 - 2018-06-15 16:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
    2018-07-13 21:35 - 2018-06-15 16:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-07-13 21:35 - 2018-06-15 16:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2018-07-13 21:35 - 2018-06-15 08:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-07-13 21:35 - 2018-06-15 08:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-07-13 21:35 - 2018-06-15 06:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2018-07-13 21:35 - 2018-06-15 06:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
    2018-07-13 21:35 - 2018-06-15 06:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-07-13 21:35 - 2018-06-15 06:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-07-13 21:35 - 2018-06-15 06:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-07-13 21:35 - 2018-06-15 06:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-07-13 21:35 - 2018-06-15 06:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2018-07-13 21:35 - 2018-06-15 06:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2018-07-13 21:35 - 2018-06-15 06:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-07-13 21:35 - 2018-06-15 06:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-07-13 21:35 - 2018-06-15 06:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
    2018-07-13 21:35 - 2018-06-15 06:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2018-07-13 21:35 - 2018-06-15 06:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2018-07-13 21:35 - 2018-06-15 06:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2018-07-13 21:35 - 2018-06-15 06:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-07-13 21:35 - 2018-06-15 06:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-07-13 21:35 - 2018-06-15 06:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2018-07-13 21:35 - 2018-06-15 06:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2018-07-13 21:35 - 2018-06-15 06:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2018-07-13 21:35 - 2018-06-15 06:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
    2018-07-13 21:35 - 2018-06-15 06:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-07-13 21:35 - 2018-06-15 06:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
    2018-07-13 21:35 - 2018-06-15 06:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2018-07-13 21:35 - 2018-06-15 06:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
    2018-07-13 21:35 - 2018-06-15 06:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2018-07-13 21:35 - 2018-06-15 06:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
    2018-07-13 21:35 - 2018-06-15 06:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2018-07-13 21:35 - 2018-06-15 06:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-07-13 21:35 - 2018-06-15 06:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-07-13 21:35 - 2018-06-15 05:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-07-13 21:35 - 2018-06-15 05:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
    2018-07-13 21:35 - 2018-06-15 05:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2018-07-13 21:35 - 2018-06-15 05:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2018-07-13 21:35 - 2018-06-15 05:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2018-07-13 21:35 - 2018-06-15 05:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2018-07-13 21:35 - 2018-06-15 05:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2018-07-13 21:35 - 2018-06-15 05:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
    2018-07-13 21:35 - 2018-06-15 05:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2018-07-13 21:35 - 2018-06-15 05:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2018-07-13 21:35 - 2018-06-15 05:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
    2018-07-13 21:35 - 2018-06-15 05:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
    2018-07-13 21:35 - 2018-06-15 05:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2018-07-13 21:35 - 2018-06-15 05:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2018-07-13 21:35 - 2018-06-15 05:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2018-07-13 21:35 - 2018-06-15 05:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-07-13 21:35 - 2018-06-15 05:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-07-13 21:35 - 2018-06-15 05:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
    2018-07-13 21:35 - 2018-06-15 05:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2018-07-13 21:35 - 2018-06-15 05:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2018-07-13 21:35 - 2018-06-15 05:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2018-07-13 21:35 - 2018-06-15 05:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2018-07-13 21:35 - 2018-06-15 05:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2018-07-13 21:35 - 2018-06-15 05:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-07-13 21:35 - 2018-06-15 05:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
    2018-07-13 21:35 - 2018-06-15 05:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-07-13 21:35 - 2018-06-15 05:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2018-07-13 21:35 - 2018-06-15 05:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2018-07-13 21:35 - 2018-06-15 05:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2018-07-13 21:35 - 2018-06-15 05:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-07-13 21:35 - 2018-06-15 05:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-07-13 21:35 - 2018-06-15 05:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-07-13 21:35 - 2018-06-15 05:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
    2018-07-13 21:35 - 2018-06-15 05:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-07-13 21:35 - 2018-06-15 05:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2018-07-13 21:35 - 2018-06-15 05:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2018-07-13 21:35 - 2018-06-01 06:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
    2018-07-13 21:34 - 2018-07-06 13:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2018-07-13 21:34 - 2018-07-06 07:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
    2018-07-13 21:34 - 2018-07-06 07:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
    2018-07-13 21:34 - 2018-07-06 07:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-07-13 21:34 - 2018-07-06 07:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-07-13 21:34 - 2018-06-15 18:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-07-13 21:34 - 2018-06-15 18:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2018-07-13 21:34 - 2018-06-15 16:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2018-07-13 21:34 - 2018-06-15 14:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2018-07-13 21:34 - 2018-06-15 08:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-07-13 21:34 - 2018-06-15 06:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2018-07-13 21:34 - 2018-06-15 06:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2018-07-13 21:34 - 2018-06-15 06:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-07-13 21:34 - 2018-06-15 06:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-07-13 21:34 - 2018-06-15 06:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2018-07-13 21:34 - 2018-06-15 05:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2018-07-13 21:34 - 2018-06-15 05:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2018-07-13 21:34 - 2018-06-15 05:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
    2018-07-13 21:33 - 2018-07-06 08:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2018-07-13 21:33 - 2018-07-06 08:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2018-07-13 21:33 - 2018-06-15 18:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
    2018-07-13 21:33 - 2018-06-15 18:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2018-07-13 21:33 - 2018-06-15 06:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-07-13 21:33 - 2018-06-15 06:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2018-07-13 21:33 - 2018-06-15 06:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2018-07-13 21:33 - 2018-06-15 06:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-07-13 21:33 - 2018-06-15 06:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2018-07-13 21:33 - 2018-06-15 06:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2018-07-13 21:33 - 2018-06-15 06:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2018-07-13 21:33 - 2018-06-15 06:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2018-07-13 21:33 - 2018-06-15 06:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2018-07-13 21:33 - 2018-06-15 06:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-07-13 21:33 - 2018-06-15 05:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2018-07-13 21:33 - 2018-06-15 05:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
     
  6. 2018/10/07
    Sheepdisease

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-06 15:08 - 2016-08-14 20:24 - 287753216 _____ C:\Users\User\AppData\Local\SageThumbs.db3
    2018-10-06 15:07 - 2018-07-01 22:30 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2EAC8851-6744-427F-AAB4-685EFE1412F6}
    2018-10-06 15:04 - 2017-04-01 06:52 - 003357876 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2018-10-06 15:02 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-10-06 13:55 - 2016-08-10 08:20 - 000000000 ____D C:\Users\User\AppData\Roaming\FileZilla
    2018-10-06 12:39 - 2016-04-09 16:27 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
    2018-10-06 09:02 - 2017-04-01 06:36 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2018-10-06 06:46 - 2018-05-27 18:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-10-05 21:58 - 2018-05-17 17:42 - 000000000 ____D C:\Users\User\AppData\Roaming\MIDI2LR
    2018-10-05 15:54 - 2016-04-09 08:01 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-10-05 15:50 - 2017-04-15 13:22 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-10-05 14:43 - 2018-03-10 17:55 - 000000000 ____D C:\Users\User\AppData\Roaming\Toolkit
    2018-10-05 14:41 - 2018-03-10 17:57 - 000001187 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk
    2018-10-05 14:39 - 2017-04-15 13:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2018-10-05 14:39 - 2015-03-06 16:08 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
    2018-10-05 14:38 - 2018-05-27 19:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-10-05 14:38 - 2017-04-15 13:20 - 000000000 ____D C:\ProgramData\Synaptics
    2018-10-05 14:38 - 2016-08-26 22:32 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2018-10-05 14:38 - 2016-08-26 22:32 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2018-10-05 14:37 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-10-05 14:35 - 2018-05-29 09:57 - 000000000 ____D C:\Users\User\AppData\Local\Everything
    2018-10-05 14:35 - 2017-01-03 09:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Everything
    2018-10-05 07:42 - 2018-05-27 19:39 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2018-10-05 07:42 - 2018-05-27 19:39 - 000003498 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2018-10-05 07:42 - 2018-05-27 19:39 - 000003274 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2018-10-05 07:42 - 2018-05-27 19:39 - 000002826 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-redacted@hotmail.com
    2018-10-05 07:42 - 2018-05-27 19:39 - 000002702 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
    2018-10-05 07:41 - 2018-05-27 19:39 - 000002916 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3028567812-2178505071-757855141-1001
    2018-10-05 07:41 - 2018-05-27 19:39 - 000002366 _____ C:\WINDOWS\System32\Tasks\{6D1D546D-AEA9-4C03-BB91-F6B08A3FA62E}
    2018-10-05 07:41 - 2018-05-27 19:39 - 000002360 _____ C:\WINDOWS\System32\Tasks\{DA212052-D3CB-4505-A7EA-0E4490185BCD}
    2018-10-05 00:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-10-04 18:35 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-10-04 16:07 - 2015-03-11 08:40 - 000000000 ____D C:\Users\User\Shared
    2018-10-04 08:47 - 2018-06-25 20:37 - 000000000 ____D C:\Users\User\AppData\Local\Google
    2018-10-04 08:35 - 2016-07-08 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2018-10-04 08:29 - 2017-12-03 02:40 - 000000000 ____D C:\Users\User\AppData\Local\Packages
    2018-10-04 08:27 - 2017-08-22 07:28 - 000000000 ____D C:\Users\User\AppData\Local\Discord
    2018-10-04 08:23 - 2016-07-11 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2018-10-04 08:17 - 2016-05-15 06:53 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2018-10-04 08:11 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
    2018-10-04 08:11 - 2017-03-09 22:16 - 000000000 ____D C:\Users\User\AppData\Local\Comodo
    2018-10-04 08:11 - 2017-03-09 22:16 - 000000000 ____D C:\Program Files (x86)\Comodo
    2018-10-04 08:10 - 2016-04-09 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2018-10-04 06:15 - 2016-04-09 13:24 - 000000000 ____D C:\Users\User\AppData\Roaming\Comodo
    2018-10-04 06:15 - 2016-04-09 08:11 - 000000000 ____D C:\ProgramData\Comodo
    2018-10-04 06:07 - 2016-04-09 09:03 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-10-03 21:31 - 2016-04-09 08:25 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-10-03 12:00 - 2016-05-12 06:52 - 000000000 ____D C:\Program Files (x86)\TagRename
    2018-10-03 11:51 - 2016-08-18 18:58 - 000000033 _____ C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
    2018-10-03 10:56 - 2017-04-15 13:20 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2018-10-03 05:07 - 2016-04-09 10:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-10-02 21:40 - 2018-05-28 08:59 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
    2018-10-02 21:38 - 2018-05-27 18:53 - 005184608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-10-02 12:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-10-02 12:11 - 2018-05-27 19:39 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2018-10-02 12:10 - 2018-06-28 05:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Mp3tag
    2018-09-30 14:05 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
    2018-09-30 12:09 - 2016-04-09 08:03 - 000000000 ____D C:\Program Files\CCleaner
    2018-09-30 08:44 - 2016-04-09 08:48 - 000000000 ____D C:\ProgramData\Package Cache
    2018-09-30 08:28 - 2016-04-24 19:37 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
    2018-09-30 08:12 - 2016-04-24 19:37 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
    2018-09-30 07:13 - 2017-10-21 11:27 - 000000000 ____D C:\Program Files (x86)\Audials
    2018-09-30 07:13 - 2017-01-03 00:32 - 000000000 ____D C:\ProgramData\RapidSolution
    2018-09-30 07:12 - 2017-01-03 00:29 - 000000000 ____D C:\Users\User\AppData\Local\RapidSolution
    2018-09-30 05:37 - 2018-06-21 06:58 - 000000000 ____D C:\Users\User\AppData\Roaming\TIDAL
    2018-09-30 05:37 - 2018-06-21 06:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TIDAL
    2018-09-30 05:37 - 2018-06-21 06:58 - 000000000 ____D C:\Users\User\AppData\Local\TIDAL
    2018-09-30 05:37 - 2016-05-21 17:20 - 000000000 ____D C:\ProgramData\Skype
    2018-09-30 05:34 - 2017-08-21 07:18 - 000000000 ____D C:\Users\User\AppData\Local\Razer
    2018-09-30 05:34 - 2017-08-21 07:18 - 000000000 ____D C:\ProgramData\Razer
    2018-09-30 05:34 - 2017-08-21 07:02 - 000000000 ____D C:\Program Files (x86)\Razer
    2018-09-30 05:33 - 2018-06-25 21:18 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
    2018-09-30 05:33 - 2016-07-08 20:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-09-30 04:58 - 2016-05-04 06:02 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2018-09-30 04:49 - 2017-01-16 20:00 - 000000000 ____D C:\ProgramData\Globus Privacy
    2018-09-30 04:48 - 2017-12-01 22:25 - 000000000 ____D C:\ProgramData\Elcomsoft Password Recovery
    2018-09-30 04:46 - 2017-10-03 08:45 - 000000000 ____D C:\Users\User\AppData\Roaming\CoffeeCup Software
    2018-09-30 04:44 - 2016-04-09 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2018-09-30 04:39 - 2018-07-07 08:33 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-09-29 06:17 - 2018-05-27 19:13 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-09-28 22:03 - 2018-06-28 05:46 - 000000000 ____D C:\Program Files (x86)\Mp3tag
    2018-09-28 19:38 - 2018-07-04 05:58 - 000000000 ____D C:\ProgramData\Packages
    2018-09-28 19:07 - 2018-05-27 19:00 - 000000000 ____D C:\Users\User
    2018-09-28 08:11 - 2016-08-26 22:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2018-09-27 19:26 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-09-23 14:29 - 2018-05-27 19:00 - 000002407 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-09-23 14:29 - 2015-03-08 09:09 - 000000000 ___RD C:\Users\User\OneDrive
    2018-09-20 21:50 - 2018-05-27 19:39 - 000004458 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
    2018-09-20 21:50 - 2018-05-27 19:39 - 000003786 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
    2018-09-20 21:50 - 2016-04-09 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2018-09-20 07:38 - 2017-10-09 20:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-09-19 06:54 - 2018-05-27 19:39 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
    2018-09-19 06:22 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-09-19 06:22 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-09-19 06:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-09-19 06:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-09-19 06:21 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-09-18 07:59 - 2018-04-12 00:34 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-09-14 04:37 - 2016-04-09 07:52 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
    2018-09-13 20:58 - 2018-05-27 19:39 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-09-13 20:57 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-09-13 20:57 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-09-13 20:39 - 2016-04-09 07:53 - 000000000 ____D C:\Users\User\AppData\Local\Publishers
    2018-09-08 21:12 - 2017-10-29 19:45 - 000000000 ____D C:\Users\User\AppData\Local\RoboForm
    2018-09-06 06:02 - 2018-03-10 17:55 - 000000000 ____D C:\Program Files (x86)\Toolkit
    2018-09-06 05:55 - 2016-04-10 12:12 - 000000000 ___RD C:\Users\User\3D Objects
    2018-09-06 05:55 - 2015-03-06 15:53 - 000000000 __RHD C:\Users\Public\AccountPictures

    ==================== Files in the root of some directories =======

    2017-03-09 22:32 - 2016-09-29 18:54 - 003604152 _____ (COMODO) C:\ProgramData\cisF62A.exe
    2018-05-17 17:43 - 2018-05-17 17:43 - 007494812 _____ (MIDI2LR) C:\Users\User\MIDI2LR-2.8.1.0-windows-installer.exe
    2016-08-18 18:58 - 2018-10-03 11:51 - 000000033 _____ () C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
    2016-09-24 08:16 - 2016-09-24 09:04 - 000130048 _____ () C:\Users\User\AppData\Roaming\Loxley Designer PRO Prefsv3
    2017-04-28 22:04 - 2017-05-28 07:11 - 000000670 _____ () C:\Users\User\AppData\Roaming\Tribler.exe.old.log
    2016-08-19 00:39 - 2017-10-06 10:31 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
    2016-02-02 14:00 - 2016-02-02 14:00 - 000000331 ____H () C:\Users\User\AppData\Local\CacheConfig.dat
    2018-09-29 06:22 - 2018-09-29 06:22 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
    2016-08-10 14:42 - 2016-08-10 15:00 - 000000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
    2016-08-14 20:24 - 2018-10-06 15:08 - 287753216 _____ () C:\Users\User\AppData\Local\SageThumbs.db3

    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\ise_installer_temp.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Firmware Boot Manager
    ---------------------
    identifier {fwbootmgr}
    displayorder {bootmgr}
    {899056b9-e079-11e6-afdf-806e6f6e6963}
    {673cb3cb-a34b-11e4-b307-f8d3b0b7638f}
    {673cb3cc-a34b-11e4-b307-f8d3b0b7638f}
    timeout 0

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\bootmgfw.efi
    description Windows Boot Manager
    locale en-GB
    inherit {globalsettings}
    default {current}
    resumeobject {0aa67f3c-61df-11e8-aaaa-94bf89e61f51}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 0

    Firmware Application (101fffff)
    -------------------------------
    identifier {673cb3cb-a34b-11e4-b307-f8d3b0b7638f}
    description EFI USB Device

    Firmware Application (101fffff)
    -------------------------------
    identifier {673cb3cc-a34b-11e4-b307-f8d3b0b7638f}
    description EFI DVD/CDROM

    Firmware Application (101fffff)
    -------------------------------
    identifier {899056b9-e079-11e6-afdf-806e6f6e6963}
    description Internal Hard Disk or Solid State Disk

    Windows Boot Loader
    -------------------
    identifier {048fe1f5-61d7-11e8-8058-f6e9a3e37ffc}
    device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{048fe1f6-61d7-11e8-8058-f6e9a3e37ffc}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-GB
    inherit {bootloadersettings}
    displaymessage Recovery
    osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{048fe1f6-61d7-11e8-8058-f6e9a3e37ffc}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \WINDOWS\system32\winload.efi
    description Windows 10
    locale en-GB
    inherit {bootloadersettings}
    recoverysequence {048fe1f5-61d7-11e8-8058-f6e9a3e37ffc}
    displaymessageoverride Recovery
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \WINDOWS
    resumeobject {0aa67f3c-61df-11e8-aaaa-94bf89e61f51}
    nx OptIn
    bootmenupolicy Standard

    Windows Boot Loader
    -------------------
    identifier {673cb3d8-a34b-11e4-b307-f8d3b0b7638f}
    device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{673cb3d9-a34b-11e4-b307-f8d3b0b7638f}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-GB
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{673cb3d9-a34b-11e4-b307-f8d3b0b7638f}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {0aa67f3c-61df-11e8-aaaa-94bf89e61f51}
    device partition=C:
    path \WINDOWS\system32\winresume.efi
    description Windows Resume Application
    locale en-GB
    inherit {resumeloadersettings}
    recoverysequence {048fe1f5-61d7-11e8-8058-f6e9a3e37ffc}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\memtest.efi
    description Windows Memory Diagnostic
    locale en-GB
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {048fe1f6-61d7-11e8-8058-f6e9a3e37ffc}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume5
    ramdisksdipath \Recovery\WindowsRE\boot.sdi


    LastRegBack: 2018-05-27 18:53

    ==================== End of FRST.txt ============================
     
  7. 2018/10/07
    Sheepdisease

    • Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
    Ran by User (06-10-2018 15:11:38)
    Running from A:\Downloads\Software\Security\FRST\scoped_dir15356_581
    Windows 10 Home Version 1803 17134.286 (X64) (2018-05-27 18:40:45)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3028567812-2178505071-757855141-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3028567812-2178505071-757855141-503 - Limited - Disabled)
    Guest (S-1-5-21-3028567812-2178505071-757855141-501 - Limited - Disabled)
    User (S-1-5-21-3028567812-2178505071-757855141-1001 - Administrator - Enabled) => C:\Users\User
    HomeGroupUser$ (S-1-5-21-3028567812-2178505071-757855141-1003 - Limited - Enabled)
    sheep (S-1-5-21-3028567812-2178505071-757855141-1004 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3028567812-2178505071-757855141-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
    FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_0) (Version: 22.0.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_0) (Version: 7.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
    Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name)
    AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - )
    AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Audials (HKLM-x32\...\{14F6AD9A-929D-4651-9C41-6C5BF706B3CD}) (Version: 18.1.41600.0 - Audials AG)
    Audials (HKLM-x32\...\{73F15672-31F3-4711-83B6-085EBC79A318}) (Version: 19.0.3700.0 - Audials AG)
    Belarc Advisor 8.6b (HKLM-x32\...\Belarc Advisor) (Version: 8.6.2.0 - Belarc Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
    ColorMunki Display 1.1.4 (HKLM-x32\...\ColorMunki Display_is1) (Version: 1.1.4 - X-Rite)
    COMODO Internet Security Pro (HKLM\...\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB}) (Version: 10.2.0.6526 - COMODO Security Solutions Inc.) Hidden
    COMODO Internet Security Pro (HKLM\...\COMODO Internet Security) (Version: 10.2.0.6526 - COMODO Security Solutions Inc.)
    Dashcam Viewer version 2.7.6 (64-bit) (HKLM-x32\...\Dashcam Viewer_is1) (Version: 2.7.6 (64-bit) - )
    DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version: - )
    DeezLoader Remaster 4.1.2 (only current user) (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\cf593a38-21bb-5a94-b76f-49ad187dd0c1) (Version: 4.1.2 - Ivan de la Beldad Fernandez)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.11 - NVIDIA Corporation) Hidden
    Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 58.4.92 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
    Duplicate Photo Finder (HKLM-x32\...\{BD3E81AE-877E-4AFB-BF62-13C32F9DE12D}}_is1) (Version: 1.4.4 - Ashisoft)
    DWG FastView - English (HKLM-x32\...\DWG FastView_en_ww) (Version: - Gstarsoft Co.,Ltd)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    EaseUS Todo Backup 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter)
    FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
    FontForge version 07-04-2016 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 07-04-2016 - FontForgeBuilds)
    Fundy Designer 7 version 7.6.19 (HKLM\...\{85dee4e3-c2e4-4fb2-8ae9-78a06e1c96d7}_is1) (Version: 7.6.19 - Fundy Software)
    GameSessions Data Delivery x64 (HKLM\...\{6AC64924-363E-4CBD-BAD6-1CA9B6C1A4D4}) (Version: 1.28.455.0 - Tangentix Ltd)
    GameSessions Data Delivery x86 (HKLM-x32\...\{5C45AB3B-862A-4BC7-8725-492835D3E52F}) (Version: 1.28.470.0 - Tangentix Ltd)
    GameSessions Runtime x64 (HKLM\...\{65DF8FB2-E3A4-4D88-9500-50B1013CFA9E}) (Version: 1.28.445.0 - Tangentix Ltd)
    GameSessions Runtime x86 (HKLM-x32\...\{CB298992-0A07-470C-B176-6045432A506C}) (Version: 1.28.470.0 - Tangentix Ltd)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
    Grapholite (HKLM-x32\...\{A043A728-C0CD-4B5E-BA65-E7DC543FFCC4}) (Version: 3.0.1 - Aphalina)
    iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
    iExplorer (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\2ee35ebaf226322a) (Version: 4.1.11.0 - Macroplant LLC)
    Imagenomic Portraiture 2 Lightroom Plug-in (build 2343) (HKLM\...\ImagenomicPortraitureLightroomPlugin) (Version: - )
    Indigo Renderer x64 v4.0.64 (HKLM-x32\...\Indigo Renderer x64 v4.0.64) (Version: 4.0.64 - Glare Technologies Ltd.)
    Intel(R) Driver Update Utility 2.4 (HKLM-x32\...\{B731F5C4-E304-4DFA-9C84-F67FF849B408}) (Version: 2.4.0.15 - Intel) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
    Intel(R) Product Improvement Program (HKLM-x32\...\{59801D62-FD8D-45AD-865D-6FC80C4C70DF}) (Version: 2.1.26 - Intel) Hidden
    Intel(R) Product Improvement Program (HKLM-x32\...\{E954D7C1-36FA-4FE8-8927-97DBDEB5A15F}) (Version: 2.1.27.3 - Intel) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.438464.135 - Comodo)
    iTSfv 5.60.25 BETA (HKLM-x32\...\iTSfv_is1) (Version: - BetaONE)
    iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
    Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
    KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.5 - PandoraTV)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Makesoft DuplicateFinder version 1.1.4 (HKLM-x32\...\Makesoft DuplicateFinder_is1) (Version: 1.1.4 - )
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft .NET Core SDK - 2.1.201 (x64) (HKLM-x32\...\{d27a4039-4055-49f4-931d-8373d9449e3d}) (Version: 2.1.201 - Microsoft Corporation)
    Microsoft .NET Core SDK 2.1.301 (x64) (HKLM-x32\...\{faf6feb2-1788-41aa-ae3b-4aed0ec403d7}) (Version: 2.1.301 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{5F01B3C4-9BEC-465D-9C68-BB97D381FFAD}) (Version: 4.6.01590 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.2 Targeting Pack (ENU) (HKLM-x32\...\{C80951BD-6904-474F-BBC5-03A6C777F37C}) (Version: 4.6.01590 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{A18D4C2A-07A8-40E4-9797-DD324E6EA4FC}) (Version: 4.6.01590 - Microsoft Corporation)
    Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft AS OLE DB Provider for SQL Server 2012 (HKLM\...\{ECD4DC16-1BCA-4857-A54F-CE37E546EA78}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
    Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider (HKLM\...\{B76C25FB-559A-45F4-AC66-C2B71E334030}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server 2012 ADOMD.NET (HKLM\...\{CCE53EB0-428B-4AA7-B691-D8A543333937}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{EE99006A-F227-41BA-884C-C3AF9642D95A}) (Version: 14.0.3006.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2017 (HKLM-x32\...\{FBD0D997-4E36-4B10-8471-BD7CF42ECE7F}) (Version: 14.0.3006.16 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{5e4b593b-ca3c-429c-bc49-b51cbf46e72a}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
    Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1247.518 - Microsoft Corporation)
    MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.)
    Mp3tag v2.90a (HKLM-x32\...\Mp3tag) (Version: 2.90a - Florian Heidenreich)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.2 - MusicBrainz)
    NordVPN (HKLM-x32\...\{CFCB0189-C54E-4FDF-9D27-F2D886DEFE18}) (Version: 6.17.6 - NordVPN) Hidden
    NordVPN (HKLM-x32\...\NordVPN 6.17.6) (Version: 6.17.6 - NordVPN)
    NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
    NoteBurner iTunes DRM Audio Converter 2.2.2 (HKLM-x32\...\NoteBurner iTunes DRM Audio Converter) (Version: 2.2.2 - NoteBurner)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
    NVIDIA Graphics Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.11 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    NVIDIA Update 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
    Opera Stable 55.0.2994.44 (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Opera 55.0.2994.44) (Version: 55.0.2994.44 - Opera Software)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8451 - Realtek Semiconductor Corp.)
    Remo Duplicate Photos Remover (HKLM\...\Remo Duplicate Photos Remover_is1) (Version: 1.0.0.4 - Remo Software)
    Remove Empty Directories version 2.2 (Admin Editon) (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 (Admin Editon) - Jonas John)
    RoboForm 8-5-4-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-5-4-4 - Siber Systems)
    RogueKiller version 12.13.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.3.0 - Adlice Software)
    SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
    Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
    ScreenToGif (HKLM-x32\...\{06B887AB-AD16-43F4-AAEB-B113EB2CDD8C}) (Version: 2.13.3 - Nicke Manarin)
    SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 1.40.002 - Portrait Displays, Inc.) Hidden
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
    SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
    SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
    Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18052.28 - Samsung Electronics Co., Ltd.) Hidden
    Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18052.28 - Samsung Electronics Co., Ltd.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
    SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
    Spotify (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\Spotify) (Version: 1.0.83.318.g6c07039d - Spotify AB)
    SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    SQL Server 2008 R2 Analysis Services OLE DB Provider (HKLM\...\{59DB5B2B-7DAB-4F99-A727-B1D3D418FAA1}) (Version: 10.53.6000.34 - Microsoft Corporation)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1264 - SUPERAntiSpyware.com)
    SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
    Synaptics WBF DDK (HKLM\...\{963DDEF5-52CF-4313-81D9-B186B89C0A57}) (Version: 4.5.289.0 - Synaptics)
    Synthesia (HKLM-x32\...\Synthesia) (Version: 10.4 - Synthesia LLC)
    Tag&Rename 3.9.15 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.15 - Softpointer Inc)
    TeamDrive (HKLM-x32\...\TeamDrive) (Version: 4.5.2.1774 - TeamDrive Systems GmbH)
    TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Toolkit (HKLM-x32\...\Toolkit) (Version: 1.4.10.2 - Seagate)
    TunesKit Audio Capture 1.0.6.6 (HKLM-x32\...\TunesKit Audio Capture_is1) (Version: - TunesKit, Inc.)
    TypeScript SDK (HKLM-x32\...\{6BCAE42F-7CA9-49BA-AA9E-078A21E2A3BD}) (Version: 2.8.4.0 - Microsoft Corporation) Hidden
    UltraSearch V2.1.2 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.1.2 - JAM Software)
    Visual Studio Community 2017 (HKLM-x32\...\41ef9162) (Version: 15.7.27703.2035 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
    VS Script Debugging Common (HKLM\...\{48C2D1FA-9F23-40E1-9F16-6A3CA6A78915}) (Version: 16.0.94.0 - Microsoft Corporation) Hidden
    vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
    vs_communitymsi (HKLM-x32\...\{5DFEB1ED-29B8-44F0-8615-DE758242B0E2}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_filehandler_amd64 (HKLM-x32\...\{B6600254-A9D1-4265-826B-28B0E28C1F37}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
    vs_filehandler_x86 (HKLM-x32\...\{EF15DAFE-8E43-48E6-AE94-CBA196675318}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
    vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
    vs_minshellinteropmsi (HKLM-x32\...\{9B1DD088-CF09-46A1-8B42-18D231B19E39}) (Version: 15.7.27604 - Microsoft Corporation) Hidden
    vs_minshellmsi (HKLM-x32\...\{F5BCAD30-D22C-4B08-A581-1EBE3A35C6B1}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
    WinDirStat 1.1.2 (HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\WinDirStat) (Version: - )
    Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    XnView 2.43 (HKLM-x32\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e)
    XnViewMP 0.90 (HKLM\...\XnViewMP_is1) (Version: 0.90 - Gougelet Pierre-e)
    XRD i1d3 (HKLM-x32\...\{2FBECB25-33F6-4964-81D1-A2CCF555CAE6}) (Version: 1.0.135 - X-Rite) Hidden
    X-Rite Device Services Manager (HKLM-x32\...\{C665E881-CE55-4156-A4A6-7C55D645FD4E}) (Version: 2.4.1 - X-Rite)
     
  8. 2018/10/07
    Sheepdisease

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3028567812-2178505071-757855141-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-844DDF8B2988}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-3028567812-2178505071-757855141-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
    ShellIconOverlayIdentifiers: [ teamdrive_1_Sync] -> {E94EFFA4-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_2_Warning] -> {E94EFFA5-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_3_Folder] -> {E94EFFA6-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_4_Published] -> {E94EFFA7-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_5_Locked] -> {E94EFFA8-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_6_Old] -> {E94EFFA9-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_7_Download] -> {E94EFFAA-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [ teamdrive_8_ReadConf] -> {E94EFFAB-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_1_Sync] -> {E94EFFA4-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_2_Warning] -> {E94EFFA5-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_3_Folder] -> {E94EFFA6-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_4_Published] -> {E94EFFA7-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_5_Locked] -> {E94EFFA8-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_6_Old] -> {E94EFFA9-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_7_Download] -> {E94EFFAA-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [ teamdrive_8_ReadConf] -> {E94EFFAB-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] ()
    ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-13] (COMODO)
    ContextMenuHandlers1: [DropboxExt] -> [CC]{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
    ContextMenuHandlers1: [Mp3tagShell] -> [CC]{6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> No File
    ContextMenuHandlers1: [PhotoStreamsExt] -> [CC]{89D984B3-813B-406A-8298-118AFA3A22AE} => -> No File
    ContextMenuHandlers1: [SageThumbs] -> [CC]{4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => -> No File
    ContextMenuHandlers1: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
    ContextMenuHandlers1: [TagRenameShellExt] -> [CC]{B806EC81-446D-40C8-A955-315B8519E938} => -> No File
    ContextMenuHandlers1: [teamdrive] -> [CC]{E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => -> No File
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-13] (COMODO)
    ContextMenuHandlers2: [Mp3tagShell] -> [CC]{6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> No File
    ContextMenuHandlers2: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
    ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
    ContextMenuHandlers4: [DropboxExt] -> [CC]{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
    ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
    ContextMenuHandlers4: [Mp3tagShell] -> [CC]{6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> No File
    ContextMenuHandlers4: [PMShellExt] -> [CC]{D33CAA34-6010-4798-A3A3-11600C03EDDB} => -> No File
    ContextMenuHandlers4: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
    ContextMenuHandlers4: [teamdrive] -> [CC]{E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => -> No File
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-05-03] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
    ContextMenuHandlers5: [teamdrive] -> {E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll [2017-08-11] (TeamDrive Systems GmbH)
    ContextMenuHandlers6: [AccExt] -> [CC]{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
    ContextMenuHandlers6: [Comodo Antivirus] -> [CC]{4255A182-CAD9-4214-A19B-7BA7FB633BBD} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
    ContextMenuHandlers6: [TagRenameShellExt] -> [CC]{B806EC81-446D-40C8-A955-315B8519E938} => -> No File
    ContextMenuHandlers6: [teamdrive] -> [CC]{E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => -> No File
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02540FFC-2D68-4872-98BE-B456AF21044C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-22] (NVIDIA Corporation)
    Task: {04207033-1333-48EB-A837-E3D07A17E11F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {0E4EBDE5-FBB6-4A27-8B27-8B1C012D9BDA} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation)
    Task: {14E15CC4-E332-4B2F-8F4A-3DC587FFB489} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-22] (NVIDIA Corporation)
    Task: {1CFCE1DC-1DF2-4303-8D8D-0E3023FBC8FD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-22] (NVIDIA Corporation)
    Task: {207AD0E9-29D8-4D0F-AA9A-02472333CD54} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLJJMGMIMOJHMLJLMCNGMKMKMKJCNLMNJIMIMCNOJHMNMLMCNOMKMOJPMJMGMJJLJKMNMGMKJJNJICMHMCNKMCNLMFMOMOMCNNMHMKMCNOMIMOMMMLMFMPMCNPMCNOMIMOMMMLMCNNMJNPICMOMFMEKMICNJJCKFMHMGMLMJNHICMEKMICNJJCKJNBJCMMKHJKJKJPILJGJMIKJOJMIKJPLIJCJOJGJD (the data entry has 126 more characters).
    Task: {20B6D3C7-048B-415A-B943-7C8656A18CA6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-02] (Microsoft Corporation)
    Task: {2F5BDDB2-B9BF-4395-B0D3-601697BA4274} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-07] (Piriform Ltd)
    Task: {4114B3A6-775D-4746-B7FF-5937117E2F10} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-02] (Microsoft Corporation)
    Task: {44DE3F19-F9D9-4D57-8914-1F22BD0AB405} - System32\Tasks\{6D1D546D-AEA9-4C03-BB91-F6B08A3FA62E} => c:\users\User\appdata\local\programs\opera\launcher.exe [2018-08-23] (Opera Software)
    Task: {47EE4EC8-266A-44A1-A384-1ED5AC954A7F} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2016-08-15] (X-Rite Inc.)
    Task: {4A7D2ED9-79C6-4E6E-BB91-2D152BF943CF} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [2017-08-04] ()
    Task: {4CF4E659-E613-4B64-9498-6D36A2873D7D} - System32\Tasks\Opera scheduled Autoupdate 1460185523 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2018-08-23] (Opera Software)
    Task: {4D72C6F7-94C8-4F45-93E7-F20EF8EC7680} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {52DAAAC1-0497-43F0-A865-E2E3A2D6B591} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-02] (Microsoft Corporation)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {6AC97FA3-AA92-4609-BA1D-362741B0BD91} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-13] (COMODO)
    Task: {6D3D6124-FAC2-4FC3-87AE-DE89DBB8B2EF} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation)
    Task: {70CCF8BE-6D7B-44D9-84A3-98C32A692CD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-02] (Microsoft Corporation)
    Task: {757C3245-5666-4D49-96DA-152D6600F6AC} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {77F4B09B-F4D9-4CF6-9CDD-098E4EB47DA6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
    Task: {7CB55390-CFE4-4216-9DD6-53D6C607CA8F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-26] (Dropbox, Inc.)
    Task: {7FFF0CCB-0984-46A7-9AC1-BADCE06B6BBB} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {824E7054-2212-4531-BDFF-B4A6C9D1A4E3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-09-20] (Siber Systems)
    Task: {83D65EE3-E430-4F78-950D-425406F2164B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-02] (Microsoft Corporation)
    Task: {87EB4248-6487-4F52-9E25-B5098ABB0B72} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-07] (Piriform Ltd)
    Task: {93C57449-14A5-4A79-85FB-DA7F75E63F87} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {A0D71701-7DAF-42D2-9146-24C0218ADF6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
    Task: {AC891FFE-5F39-496E-964D-F55367D5D9DB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-26] (Dropbox, Inc.)
    Task: {AEF22AD5-C1B7-4EF3-A0AB-6C31E614FCD2} - System32\Tasks\Chameleon Folder-User => "C:\Program Files (x86)\Chameleon Explorer\ChameleonFolder.exe"
    Task: {B31D4BEB-8A7E-48EE-95C2-6564109F09EE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
    Task: {B686EAD9-5506-4752-9946-4223BEBAFEE4} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {BA717FD3-0673-4506-8D9C-223C330EA694} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-13] (COMODO)
    Task: {BC64EEB9-520C-4AF4-B5A1-886C3598EF08} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-13] (Adobe Systems Incorporated)
    Task: {C0707833-9D77-461F-8D93-2D868B8A73B1} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {D24B3DBD-823A-4613-BA37-C6CF28933382} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
    Task: {D28C2620-89FB-4E96-92DE-001C84A225C4} - System32\Tasks\{DA212052-D3CB-4505-A7EA-0E4490185BCD} => c:\users\User\appdata\local\programs\opera\launcher.exe [2018-08-23] (Opera Software)
    Task: {D31EB9D8-1A57-45D1-B570-FDD00EC2EB88} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-04-09] (Intel Corporation)
    Task: {DDC91E66-A5D9-4444-919C-47D69F1900D3} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-mrsgemmaUser@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
    Task: {DE0DAC4E-38AB-41BC-837A-40B59E101361} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
    Task: {E0A3C134-686F-4004-9823-5BD0EEB3C048} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {E501281F-CAA8-43F7-B044-55131E845975} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {E80D62BD-1EC5-4DA2-A7BF-398CEA081451} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation)
    Task: {EFAF80CC-A080-40C3-BD30-0E53DE88F4B8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-13] (COMODO)
    Task: {EFF372CE-6C92-4968-9FBB-70878F336FBF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
    Task: {FD3AD88F-EB59-44EE-A063-2BF3D0D41871} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
     
  9. 2018/10/07
    Sheepdisease

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-08-12 18:56 - 2016-08-12 18:56 - 000093376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
    2016-12-28 00:17 - 2018-03-13 18:18 - 000160960 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
    2016-12-28 00:16 - 2018-03-13 18:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
    2016-12-28 00:16 - 2018-03-13 18:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-09-18 07:46 - 2018-09-15 03:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-08-14 17:05 - 2017-08-14 17:05 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2017-08-29 01:43 - 2017-08-29 01:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2017-04-15 13:22 - 2018-06-01 09:39 - 000137664 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2018-09-28 19:42 - 2018-09-28 19:42 - 004178432 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Calculator.exe
    2018-09-28 19:42 - 2018-09-28 19:42 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-08-29 19:47 - 2018-09-05 19:55 - 102209112 _____ () C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\opera_browser.dll
    2018-08-29 19:47 - 2018-08-29 19:47 - 004832856 _____ () C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\libglesv2.dll
    2018-08-29 19:47 - 2018-08-29 19:47 - 000116312 _____ () C:\Users\User\AppData\Local\Programs\Opera\55.0.2994.44\libegl.dll
    2017-10-08 08:48 - 2017-10-08 08:48 - 000579032 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\AgKernel.dll
    2017-10-08 09:02 - 2017-10-08 09:02 - 069764056 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\libcef.dll
    2017-10-08 08:58 - 2017-10-08 08:58 - 000827352 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\WFCore.dll
    2017-10-08 08:58 - 2017-10-08 08:58 - 000262616 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\WFSQLite.dll
    2017-10-08 08:58 - 2017-10-08 08:58 - 000079320 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\WFWeb.dll
    2017-10-08 08:58 - 2017-10-08 08:58 - 001696728 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\WFOzClient.dll
    2017-10-08 08:58 - 2017-10-08 08:58 - 000028632 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\LightroomModels.dll
    2017-10-08 09:02 - 2017-10-08 09:02 - 000116184 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\moxplugins\AppManagerLR.mox
    2017-10-08 09:02 - 2017-10-08 09:02 - 000203224 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\moxplugins\wpdmanager.mox
    2018-10-02 14:20 - 2018-06-23 05:58 - 003014144 _____ () C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\MIDI2LR.lrplugin\MIDI2LR.exe
    2017-10-08 08:52 - 2017-10-08 08:52 - 000124376 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MOVOEM_Handler.xpi
    2017-10-08 08:52 - 2017-10-08 08:52 - 000124376 _____ () C:\Program Files\Adobe\Adobe Lightroom Classic CC\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi
    2018-07-12 07:23 - 2018-07-12 07:23 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2017-12-02 07:30 - 2017-11-26 23:20 - 004588032 _____ () C:\Program Files (x86)\Makesoft\DuplicateFinder\MakesoftDuplicateFinder.exe
    2018-09-11 12:10 - 2018-09-11 12:10 - 000437200 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
    2018-07-24 13:50 - 2018-07-24 13:50 - 000119167 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
    2018-07-24 13:50 - 2018-07-24 13:50 - 000217887 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
    2018-05-24 13:45 - 2018-05-24 13:45 - 000178176 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.OpenvpnFwHelperPlugin.dll
    2018-05-24 13:45 - 2018-05-24 13:45 - 000337920 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.Firewall.dll
    2016-03-16 10:25 - 2017-09-07 09:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2018-06-17 20:53 - 2018-06-08 10:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2018-06-17 20:53 - 2018-06-08 10:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000485416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
    2016-08-12 18:55 - 2016-08-12 18:55 - 000085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000298024 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000473640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000021696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\fsclog.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000114368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\RemoteInstall.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000025280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCInit.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000207552 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCMsgCenter.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000196288 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\NetComm.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000126656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCLogCli.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000037568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\LocalDB.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000536256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\sqlite.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000151232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCTaskCli.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000045760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCNetToken.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000846016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\HostMgr.dll
    2016-08-12 18:56 - 2016-08-12 18:56 - 000048320 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\TBActivation.dll
    2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
    2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
    2016-08-12 18:55 - 2016-08-12 18:55 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2018-05-24 13:45 - 2018-05-24 13:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
    2017-04-03 21:18 - 2017-04-03 21:18 - 000213504 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
    2017-08-29 01:43 - 2017-08-29 01:43 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
    2017-08-14 17:05 - 2017-08-14 17:05 - 000073384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
     
  10. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\RtCamU64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Caf64api.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CAF64APO2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CX64Proxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\fbnative.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\ftd2xx.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4380.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4474.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4483.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4568.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\LkmdfCoInst.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\LMouFiltCoInst.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436472.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436869.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436881.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437633.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436472.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436869.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436881.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437633.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\RtCamO64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\RtCamP64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\RtCamX64.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo45.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\valWBFPolicyService.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\vcomp110.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\vcsAPIFORWBF.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\WUDFUpdate_01009.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\WUDFUpdate_01009.dll:$CmdZnID [26]
    AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ftd2xx.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftUpdateCatalogWebControl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RtCamP.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RtCamX.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\bcbuvmmq.sys:changelist [1090]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDCDrv.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eubakup.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eudskacs.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\HpqKbFiltr64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\LEqdUsb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidEqd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidFilt.Sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\LMouFilt.Sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdiports.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rtsuvc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SNTUSB64.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\taphss6.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\cisF62A.exe:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
     
  11. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33833765.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33833765.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\.scr: SageThumbsImage.scr => <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-04-09 08:16 - 2018-09-30 04:37 - 000001431 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 103.86.99.99 - 103.86.96.96
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeUpdateService => 2
    MSCONFIG\Services: AGMService => 2
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BstHdAndroidSvc => 3
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdPlusAndroidSvc => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DbxSvc => 2
    MSCONFIG\Services: dnscrypt-proxy => 2
    MSCONFIG\Services: dnscrypt-proxy-secondary => 2
    MSCONFIG\Services: DragonUpdater => 2
    MSCONFIG\Services: Everything => 2
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: ss_conn_service => 2
    MSCONFIG\Services: TomTomHOMEService => 2
    MSCONFIG\Services: ViscosityService => 2
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "DeathAdder"
    HKLM\...\StartupApproved\Run32: => "Razer Synapse"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "SecurityHealth"
    HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "BlueStacks Agent"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "AudialsNotifier"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "AppleIEDAV"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "ElcomSoft DPR Server"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Amazon Music"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Amazon Music Helper"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "MusicManager"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "TIDAL"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "Plex Media Server"
    HKU\S-1-5-21-3028567812-2178505071-757855141-1001\...\StartupApproved\Run: => "utweb"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E86B6B7B-F56B-4E65-A34D-E23099D06934}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [UDP Query User{452A4939-47CE-465D-B6C7-0A82FA3495B9}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [TCP Query User{55D25A06-6CCF-4621-BDA2-09B0E5A413D0}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{28F66E89-38B1-442C-8782-27E183F500F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{061CC09B-327F-4493-91BC-170BB12CD001}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{86433E36-FCD2-4133-A1FD-A9F96FA33148}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8EF157B6-63E0-4BB6-A865-3A37044765CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{97E56AFB-78D1-479B-A039-5076C8F0FDCE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7019C2EA-92EE-4FF9-BF64-4306DC034F6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{AAADAD53-D156-4EE6-9BA8-70A7F5DCD648}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{5120C827-C077-4EB7-805A-4E1673C1CDB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{236F7DCB-28FE-45C8-BD80-273E023E2E6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DCAAA16B-7B62-419C-86B5-2B04D3CEC83B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [TCP Query User{B5AE8BC9-6A41-4873-B765-9BE924125FF9}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{2FE5021C-B38E-4135-8818-BE86FF568589}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [TCP Query User{B92E1496-C48E-4577-934C-C84278781654}C:\users\User\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\User\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{8899CA4D-3AB7-4866-9E2A-4A3627FCB28F}C:\users\User\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\User\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{9D6D5ED0-9750-45DB-9302-81B1E7D17FF0}C:\users\User\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\User\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{3892B479-3C16-459D-841E-B8B3973B6979}C:\users\User\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\User\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{DE897CCA-76A1-4BA8-B909-C68DACACA418}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
    FirewallRules: [{84D0AA9D-E4FC-459D-9BCA-58D61EF31D64}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{D51EFBAF-7352-4642-9613-FD1DC574E63E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{CB9B7758-3D4E-4FB5-944A-ACC40863E60A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{3425B261-DAF8-437E-BBF4-329F58C2B38A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{C0DE4584-AE29-4DBB-98A2-496F2F38F8AE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{39411C81-1367-4CA1-8622-DBD519F6D2C4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{6FAC284D-0EA5-4175-96E2-7C3EE2D927A9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{7B8BBA8C-BA3D-4FE9-9C31-B21C8328DAB3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{37396E74-63D3-445C-8164-741A078C8F20}] => (Allow) LPort=5454
    FirewallRules: [TCP Query User{8E3ED4F9-9004-4B35-9695-801E18545CA9}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
    FirewallRules: [UDP Query User{23D32B55-CAC6-4115-808A-34CC45008D7A}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
    FirewallRules: [{690C263B-71A8-48C4-B12B-735A77D392DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{2F1FE9DD-9F24-4962-91A9-87C64958B7A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{984A1307-654B-40AD-8EA7-F5287618FBC1}] => (Allow) C:\Program Files\Tangentix\DDRuntime\GSLauncher.exe
    FirewallRules: [{3F18AF2C-8CF6-4092-89E5-73FCEC7407DB}] => (Allow) LPort=8733
    FirewallRules: [TCP Query User{DEA88639-75D0-4CE0-92DC-E9B7F34A1877}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe
    FirewallRules: [UDP Query User{2BBE2770-F15B-43C6-A93C-403B655BB1BF}C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe] => (Allow) C:\program files (x86)\camera bits\photo mechanic 5\photo mechanic.exe
    FirewallRules: [{F62467C4-4F5D-4955-B544-0A748F2BD359}] => (Allow) LPort=5454
    FirewallRules: [{E746797D-435A-4399-9711-00FC79BBE09C}] => (Allow) C:\Program Files (x86)\Tangentix\DDRuntime\GSLauncher.exe
    FirewallRules: [{38384B13-F930-4B16-BFE4-F7CE65CC222A}] => (Allow) C:\Program Files (x86)\Audials\Audials 2018\Audials.exe
    FirewallRules: [TCP Query User{CBEADB88-535A-48CD-B84F-0175148DBEF6}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [UDP Query User{CABAB761-5559-4063-BD12-BE2B6FE502BD}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [{F7507A13-C841-43E2-B425-93027CAD64F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{26FB5297-CFA8-4E51-97B0-83A77C23F4C1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{B4561661-2E64-472A-A47D-B36160939260}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{C772F88A-FB5F-43A5-B393-8ADFF99454A6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{6399B41B-D90C-4E92-89F1-D45F31009497}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{500776E9-5291-4CD0-9689-148C227C6CD9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{BC411090-056A-4CD8-A030-3508AC7CF6A1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{500C7CC0-2E50-4511-A3E7-BF3DC4989773}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{9C1DFA01-9D5B-4FBF-8B21-FF212E0260F9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{75551F16-731B-4134-A5C9-C5BEE1CFBD38}] => (Allow) C:\Program Files (x86)\Audials\Audials 2019\Audials.exe
    FirewallRules: [{F3D6177C-8584-445D-BCEC-E7C78D5AB921}] => (Allow) LPort=12972
    FirewallRules: [{FE8769D3-2F87-4833-85A9-CCE5028FD6EF}] => (Allow) LPort=14714
    FirewallRules: [{F0F1D298-DF5A-42FC-945C-C76F4F6954FA}] => (Allow) LPort=31931

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/06/2018 02:59:07 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "A:\Downloads\Software\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.

    Error: (10/06/2018 12:38:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Faulting module name: launcher.exe, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Exception code: 0x80000003
    Fault offset: 0x0000000000040483
    Faulting process ID: 0x1fc0
    Faulting application start time: 0x01d45d690e356137
    Faulting application path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Faulting module path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Report ID: b1ee9e1c-64d3-4462-914c-cc6f9777dcd5
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/06/2018 08:07:24 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "A:\Downloads\Software\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_fb43982d306480cc.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.286_none_42f0cf0444e0a9d2.manifest.

    Error: (10/06/2018 06:37:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Faulting module name: launcher.exe, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Exception code: 0x80000003
    Fault offset: 0x0000000000040483
    Faulting process ID: 0x4494
    Faulting application start time: 0x01d45d36b156bca9
    Faulting application path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Faulting module path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Report ID: e9414606-6298-4166-b4c1-7000cc6e5de5
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/06/2018 12:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Faulting module name: launcher.exe, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Exception code: 0x80000003
    Fault offset: 0x0000000000040483
    Faulting process ID: 0x41b8
    Faulting application start time: 0x01d45d0452db4465
    Faulting application path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Faulting module path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Report ID: ee4501b7-14e4-4906-86ef-1c045f6e62b1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/05/2018 07:48:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Faulting module name: launcher.exe, version: 55.0.2994.44, time stamp: 0x5b7dd74a
    Exception code: 0x80000003
    Fault offset: 0x0000000000040483
    Faulting process ID: 0x42c0
    Faulting application start time: 0x01d45cdbf6a29de8
    Faulting application path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Faulting module path: C:\Users\User\AppData\Local\Programs\Opera\launcher.exe
    Report ID: 68b4be85-b861-4478-8016-72c785267920
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/05/2018 06:56:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (10/05/2018 06:56:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000


    System errors:
    =============
    Error: (10/06/2018 03:15:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:13:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:11:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:09:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:07:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:05:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:03:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

    Error: (10/06/2018 03:01:06 PM) (Source: DCOM) (EventID: 10010) (User: USER)
    Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================

    Date: 2018-10-06 15:15:38.517
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 15:15:15.645
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 15:02:37.888
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 14:47:37.345
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 14:32:37.333
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 14:16:00.440
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 14:08:55.175
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-10-06 14:01:08.417
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
    Percentage of memory in use: 79%
    Total physical RAM: 8114.27 MB
    Available physical RAM: 1642.16 MB
    Total Virtual: 15961.17 MB
    Available Virtual: 3706.37 MB

    ==================== Drives ================================

    Drive a: (Documents) (Fixed) (Total:780.47 GB) (Free:219.75 GB) NTFS
    Drive c: (Windows) (Fixed) (Total:125.27 GB) (Free:30.79 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:23.79 GB) (Free:2.63 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{c3c2d54a-79fa-4c15-b823-b2c490e3258f}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.33 GB) NTFS
    \\?\Volume{0bbec159-f267-4528-bd5b-64530b75b4db}\ () (Fixed) (Total:0.96 GB) (Free:0.32 GB) NTFS
    \\?\Volume{cbeff987-c052-487f-9bb7-4825f02aeef3}\ () (Fixed) (Total:0.25 GB) (Free:0.14 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 71537D16)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  12. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    • Shortcut.txt
    Users shortcut scan result (x64) Version: 06.10.2018
    Ran by User (06-10-2018 15:18:57)
    Running from A:\Downloads\Software\Security\FRST\scoped_dir15356_581
    Boot Mode: Normal

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge\FontForge console.lnk -> C:\Program Files (x86)\FontForgeBuilds\fontforge.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bliss\Uninstall bliss.lnk -> C:\Program Files (x86)\bliss\bin\uninstall.bat ()


    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> A:\ ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> A:\Downloads ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> A:\Music ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> A:\Pictures ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> A:\Videos ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\User ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk -> C:\Program Files\Adobe\Adobe Illustrator CC 2018\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2018.lnk -> C:\Program Files\Adobe\Adobe InDesign CC 2018\InDesign.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk -> C:\Program Files\Adobe\Adobe Lightroom Classic CC\Lightroom.exe (Adobe Systems)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CC 2017\Adobe Media Encoder.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe (Adobe Systems, Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 2018.lnk -> C:\Program Files (x86)\Audials\Audials 2018\AudialsStarter.exe (Audials AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 2019.lnk -> C:\Program Files (x86)\Audials\Audials 2019\AudialsStarter.exe (Audials AG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beats Audio.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk -> C:\Program Files (x86)\Belarc\BelarcAdvisor\BelarcAdvisor.exe (Belarc, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\Blend.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dashcam Viewer.lnk -> C:\Program Files (x86)\Dashcam Viewer\Dashcam Viewer.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk -> C:\Program Files (x86)\MusicBrainz Picard\picard.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk -> C:\Program Files (x86)\Synthesia\Synthesia.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk -> C:\Program Files (x86)\Toolkit\Toolkit.exe (Seagate Technology LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP\XnViewMP - Homepage.lnk -> C:\Program Files\XnViewMP\XnView Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP\XnViewMP.lnk -> C:\Program Files\XnViewMP\xnviewmp.exe (XnView, hxxp://www.xnview.com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView\XnView - Homepage.lnk -> C:\Program Files (x86)\XnView\website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView\XnView.lnk -> C:\Program Files (x86)\XnView\xnview.exe (XnView, hxxp://www.xnview.com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite\ColorMunki Display.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplay.exe (X-Rite)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch\UltraSearch Help.lnk -> C:\Program Files\JAM Software\UltraSearch\UltraSearch.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch\UltraSearch.lnk -> C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe (JAM Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch\Uninstall UltraSearch.lnk -> C:\Program Files\JAM Software\UltraSearch\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Audio Capture\TunesKit Audio Capture.lnk -> C:\Program Files\TunesKit Audio Capture\AudioCapture.exe (TunesKit)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Audio Capture\Uninstall TunesKit Audio Capture.lnk -> C:\Program Files\TunesKit Audio Capture\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom HOME 2.lnk -> C:\Windows\Installer\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}\NewShortcut1_BB5D96B1D05B428EBAD4A437B7244768.exe (Flexera Software LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive\TeamDrive.lnk -> C:\Program Files (x86)\TeamDrive\TeamDrive.exe (TeamDrive Systems GmbH)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive\Uninstall TeamDrive.lnk -> C:\Program Files (x86)\TeamDrive\uninstall.exe (TeamDrive Systems GmbH)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename\Tag&Rename help.lnk -> C:\Program Files (x86)\TagRename\TagRename.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename\Tag&Rename.lnk -> C:\Program Files (x86)\TagRename\TagRename.exe (Softpointer Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ColorMunki Display Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\XRGamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk -> C:\Program Files (x86)\SpywareBlaster\sbhelp.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk -> C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt\SoulseekQt.lnk -> C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\Sophos Virus Removal Tool.lnk -> C:\Windows\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe (Macrovision Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018\LayOut.lnk -> C:\Program Files\SketchUp\SketchUp 2018\LayOut\LayOut.exe (Trimble, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018\SketchUp 2018.lnk -> C:\Program Files\SketchUp\SketchUp 2018\SketchUp.exe (Trimble, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018\Style Builder.lnk -> C:\Program Files\SketchUp\SketchUp 2018\Style Builder\Style Builder.exe (Trimble, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Smart Switch.lnk -> C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe (Samsung)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\License.lnk -> C:\Program Files (x86)\SageThumbs\license.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\Read Me.lnk -> C:\Program Files (x86)\SageThumbs\readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\Repair SageThumbs.lnk -> C:\Program Files (x86)\SageThumbs\repair.exe (Cherubic Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\Uninstall SageThumbs.lnk -> C:\Program Files (x86)\SageThumbs\Uninst.exe (Cherubic Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\Generate Passwords.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\passwordgenerator.exe (Siber Systems)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\RoboForm Editor.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe (Siber Systems)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\TaskBar Icon.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories\Remove Empty Directories.lnk -> C:\Program Files (x86)\Remove Empty Directories\RED2.exe (Remove Empty Directories)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories\Uninstall Remove Empty Directories.lnk -> C:\Program Files (x86)\Remove Empty Directories\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Duplicate Photos Remover\Help Manual.lnk -> C:\Program Files\Remo Duplicate Photos Remover 1.0\rs-rduplicate.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Duplicate Photos Remover\Remo Duplicate Photos Remover.lnk -> C:\Program Files\Remo Duplicate Photos Remover 1.0\rs-rduplicate.exe (Remo Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Duplicate Photos Remover\Uninstall Remo Duplicate Photos Remover.lnk -> C:\Program Files\Remo Duplicate Photos Remover 1.0\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Duplicate Photos Remover\Update Wizard.lnk -> C:\Program Files\Remo Duplicate Photos Remover 1.0\rsupdate.EXE (Sunisoft)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 5\Photo Mechanic 5.lnk -> C:\Program Files (x86)\Camera Bits\Photo Mechanic 5\Photo Mechanic.exe (Camera Bits, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 5\ReadMe.lnk -> C:\Program Files (x86)\Camera Bits\Photo Mechanic 5\ReadMe.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Uninstall PeerBlock.lnk -> C:\Program Files\PeerBlock\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\ReadMe.lnk -> C:\Program Files\PeerBlock\readme.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag Help.lnk -> C:\Program Files (x86)\Mp3tag\help\index.html ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag.lnk -> C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Version history.lnk -> C:\Program Files (x86)\Mp3tag\Mp3tagVersion.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0\MiniTool Power Data Recovery 7.0.lnk -> C:\Program Files\PowerDataRecovery\powerdatarecovery.exe (MiniTool Solution Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0\Uninstall MiniTool Power Data Recovery.lnk -> C:\Program Files\PowerDataRecovery\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI2LR\Uninstall MIDI2LR.lnk -> C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\MIDI2LR.lrplugin\uninstallMIDI2LR.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Makesoft\DuplicateFinder.lnk -> C:\Program Files (x86)\Makesoft\DuplicateFinder\MakesoftDuplicateFinder.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logitech Unifying Software.lnk -> C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe (Logitech, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_131\bin\jmc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility\Intel(R) Driver Update Utility 2.4.lnk -> C:\Program Files (x86)\Intel Driver Update Utility\DriverUpdateUI.exe (Intel)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic\Portraiture 2 Lightroom Plug-in\License Agreement.lnk -> C:\Program Files\Imagenomic\Portraiture 2 Lightroom Plug-in\EULA.html ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic\Portraiture 2 Lightroom Plug-in\Portraiture 2 Lightroom Plug-in User's Guide.lnk -> C:\Program Files\Imagenomic\Portraiture 2 Lightroom Plug-in\PortraiturePluginUsersGuide.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic\Portraiture 2 Lightroom Plug-in\Uninstall Portraiture 2 Lightroom Plug-in.lnk -> C:\Program Files\Imagenomic\Portraiture 2 Lightroom Plug-in\uninst.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GstarSoft\DWG FastView\DWG FastView.lnk -> C:\Program Files\Gstarsoft\DWG FastView\gcad.exe (Gstarsoft Co.,Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GstarSoft\DWG FastView\Uninstall DWG FastView.lnk -> C:\Program Files\Gstarsoft\DWG FastView\Setup.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GstarSoft\DWG FastView\Website.lnk -> C:\Program Files\Gstarsoft\DWG FastView\Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grapholite\Grapholite.lnk -> C:\Windows\Installer\{A043A728-C0CD-4B5E-BA65-E7DC543FFCC4}\_F7979825AF49359E0E1C9B.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript Readme 9.19.LNK -> C:\Program Files\gs\gs9.19\doc\Readme.htm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Uninstall Ghostscript 9.19.LNK -> C:\Program Files\gs\gs9.19\uninstgs.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge\FontForge interactive console.lnk ->
     
  13. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    C:\Program Files (x86)\FontForgeBuilds\fontforge-console.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge\FontForge.lnk -> C:\Program Files (x86)\FontForgeBuilds\run_fontforge.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge\Uninstall FontForge.lnk -> C:\Program Files (x86)\FontForgeBuilds\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe (Tim Kosse)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2\EaseUS Todo Backup 9.2.lnk -> C:\Program Files (x86)\EaseUS\Todo Backup\bin\Loader.exe (CHENGDU YIWO Tech Development Co., Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2\Generate report.lnk -> C:\Program Files (x86)\EaseUS\Todo Backup\bin\ErrorReport.exe (CHENGDU YIWO Tech Development Co., Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2\Uninstall EaseUS Todo Backup 9.2.lnk -> C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard\EaseUS Data Recovery Wizard.lnk -> C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe (CHENGDU YIWO Tech Development Co., Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard\Uninstall EaseUS Data Recovery Wizard.lnk -> C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder\Duplicate Photo Finder.lnk -> C:\Program Files (x86)\Duplicate Photo Finder\dpf.exe (Ashisoft)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder\Uninstall Duplicate Photo Finder.lnk -> C:\Program Files (x86)\Duplicate Photo Finder\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Dolphin.lnk -> C:\Program Files\Dolphin\Dolphin.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Uninstall Dolphin.lnk -> C:\Program Files\Dolphin\uninst.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost\Uninstall.lnk -> C:\Program Files\CyberGhost 6\unins000.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bliss\Start bliss.lnk -> C:\Program Files (x86)\bliss\bin\bliss.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetaONE\iTSfv\iTSfv.lnk -> C:\Program Files (x86)\iTSfv\iTSfv.exe (SourceForge, Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 64-bit fixes\Adobe PDF preview handler 64-bit fixer.lnk -> C:\Program Files (x86)\Adobe Reader 64-bit fixes\Adobe Reader preview handler x64 fixer.exe (www.pretentiousname.com)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\Links\Desktop.lnk -> A:\Desktop ()
    Shortcut: C:\Users\User\Links\Downloads.lnk -> A:\Downloads ()
    Shortcut: C:\Users\User\Links\extcr2 OR extjpg OR extjpeg OR extnef.lnk -> C:\Users\User\Searches\extcr2 OR extjpg OR extjpeg OR extnef.search-ms ()
    Shortcut: C:\Users\User\Links\iCloud Drive.lnk -> C:\Users\User\iCloudDrive ()
    Shortcut: C:\Users\User\Links\Mirror.lnk -> A:\Mirror ()
    Shortcut: C:\Users\User\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
    Shortcut: C:\Users\User\Links\Spaces.lnk -> A:\Spaces
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk -> C:\Users\User\AppData\Local\Programs\Opera\launcher.exe (Opera Software)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScreenToGif.lnk -> C:\Program Files (x86)\ScreenToGif\ScreenToGif.exe (Nicke Manarin)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> A:\Desktop\Tor Browser\Browser\firefox.exe
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk -> C:\Program Files (x86)\Toolkit\Toolkit.exe (Seagate Technology LLC)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (ENG).lnk -> C:\Program Files (x86)\WinDirStat\windirstat.chm ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\Uninstall WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\Uninstall.exe (WDS Team)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk -> C:\KMPlayer\uninstall.exe (PandoraTV)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Indigo Renderer\Indigo Manual.lnk -> C:\Program Files\Indigo Renderer\Indigo Manual.pdf ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Indigo Renderer\Indigo Network Manager.lnk -> C:\Program Files\Indigo Renderer\network_manager.exe ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Indigo Renderer\Indigo Renderer.lnk -> C:\Program Files\Indigo Renderer\indigo.exe (Glare Technologies Limited)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Indigo Renderer\Uninstall Indigo Renderer.lnk -> C:\Program Files\Indigo Renderer\Uninstall.exe ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Drive.lnk -> C:\Users\User\iCloudDrive ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript Readme 8.54.LNK -> C:\Program Files\gs\gs8.54\doc\Readme.htm ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Search Everything.lnk -> C:\Program Files\Everything\Everything.exe ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Uninstall Everything.lnk -> C:\Program Files\Everything\Uninstall.exe ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk -> C:\Program Files (x86)\Belarc\BelarcAdvisor\BelarcAdvisor.exe (Belarc, Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Globus.lnk -> C:\Program Files (x86)\Globus\PrivacyBrowser\GlobusPrivacyBrowser.exe (No File)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk -> C:\Program Files (x86)\Samsung\Kies3\Kies3.exe (Samsung)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk -> C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe (Samsung)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera browser.lnk -> C:\Users\User\AppData\Local\Programs\Opera\launcher.exe (Opera Software)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search Everything.lnk -> C:\Program Files\Everything\Everything.exe ()
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4565479ed336a5ae\Visual Studio Installer.lnk -> C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\24d74df691dad432\Heroes and generals.lnk -> C:\Program Files (x86)\Heroes & Generals\live\hngdesktoplauncher.exe (No File)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
    Shortcut: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\DWG FastView.lnk -> C:\Program Files\Gstarsoft\DWG FastView\gcad.exe (Gstarsoft Co.,Ltd)
    Shortcut: C:\Users\Public\Desktop\Synthesia.lnk -> C:\Program Files (x86)\Synthesia\Synthesia.exe ()


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Developer Command Prompt for VS 2017.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\Tools\VsDevCmd.bat"


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017\Visual Studio Tools\Debuggable Package Manager.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -Command "& { Import-Module Appx; Import-Module .\AppxDebug.dll; Show-AppxDebug}"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\NewShortcut3.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {30E6FC43-C31F-4968-9A06-AA38E3C3CF73}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) -> /register
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\SageThumbs 32-bit Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> "C:\Program Files (x86)\SageThumbs\32\SageThumbs.dll"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\SageThumbs 64-bit Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> "C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\New Version Check.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) -> vc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\RoboForm Start Page.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe (Siber Systems) -> -startpage
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\Search Box.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe (Siber Systems) -> -sb
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\Search Files.lnk -> C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe (Siber Systems) -> -s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> keynote
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> numbers
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> pages
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript 9.19.LNK -> C:\Program Files\gs\gs9.19\bin\gswin64.exe () -> "-IC:\Program Files\gs\gs9.19\lib;C:\Program Files\gs\gs9.19\..\fonts"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\Internet Security Essentials\Internet Security Essentials.lnk -> C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe (COMODO) -> -Setting
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Internet Security\COMODO Internet Security Pro 10.lnk -> C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) -> --shortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Indigo Renderer\Indigo Renderer Network Slave.lnk -> C:\Program Files\Indigo Renderer\indigo.exe (Glare Technologies Limited) -> -n s
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript 8.54.LNK -> C:\Program Files\gs\gs8.54\bin\gswin32.exe () -> "-IC:\Program Files\gs\gs8.54\lib;C:\Program Files\gs\fonts;C:\Program Files\gs\gs8.54\Resource"
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\User\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
    ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView\XnView - Help.url -> URL: hxxp://wiki.xnview.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive\On The Web\TeamDrive FAQ.url -> URL: hxxps://www.teamdrive.com/redirector.php?lang=en&distr=TMDR&page=faq
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive\On The Web\TeamDrive Forum.url -> URL: hxxps://www.teamdrive.com/redirector.php?lang=en&distr=TMDR&page=forum
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamDrive\On The Web\TeamDrive Website.url -> URL: hxxps://www.teamdrive.com/redirector.php?lang=en&distr=TMDR&page=home
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SageThumbs\SageThumbs Online.url -> URL: hxxp://sagethumbs.sourceforge.net/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\Buy RoboForm.url -> URL: hxxps://online.roboform.com/login?authReturnUrl=pums_rf&lang=
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm\Uninstall.url -> URL: file:///C:/Program%20Files%20(x86)/Siber%20Systems/AI%20RoboForm/Uninstall.lnk
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Forums.url -> URL: hxxp://forums.peerblock.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Homepage.url -> URL: hxxp://www.peerblock.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\User Manual.url -> URL: hxxp://www.peerblock.com/userguide
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag Website.url -> URL: hxxp://www.mp3tag.de
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0\MiniTool Power Data Recovery on the Web.url -> URL: hxxp://www.PowerDataRecovery.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI2LR\MIDI2LR instructions.url -> URL: hxxps://github.com/rsjaffe/MIDI2LR/wiki
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url -> URL: hxxp://docs.oracle.com/javase/8/docs
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2\EaseUS Todo Backup 9.2 Help.url -> URL: hxxp://www.easeus.com/support.htm
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2\Visit EaseUS on the Web.url -> URL: hxxp://www.easeus.com/backup-software/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard\ Visit EaseUS.url -> URL: hxxp://www.easeus.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder\Visit Us.url -> URL: hxxp://www.ashisoft.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL ->
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 64-bit fixes\Fixes for 64-bit Adobe Reader on the Web.url -> URL: hxxp://www.pretentiousname.com/adobe_pdf_x64_fix/
    InternetURL: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Home Page.url -> URL: hxxp://www.kmplayer.com/forums
    InternetURL: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC\iExplorer online support.url -> BASEURL: hxxp://iexplorer-support.macroplant.com/ URL: hxxp://iexplorer-support.macroplant.com/

    ==================== End of Shortcut.txt =============================
     
  14. 2018/10/07
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    More likely the server was hacked. Just because the message "came from you" does not mean it was sent from your computer. Any email client software can be set to use a From: field with any email address. If I knew your email address I could set my Thunderbird so all messages sent by me used your email address in the From: field.
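
The point above about the From: field, as an added example that is not part of the original thread: a Python check that compares the visible From: domain with the envelope sender and with the SPF/DKIM/DMARC verdicts recorded by the receiving mail server. All addresses and hostnames are constructed, and `trusted_authserv` is an assumed name for your own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: claims the recipient's own address, but the
# envelope sender and the receiving server's checks say otherwise.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.org
Authentication-Results: mx.unknown.invalid; spf=pass; dkim=pass; dmarc=pass
From: <me@example.org>
To: <me@example.org>

body
"""

# Constructed sample: a message the domain owner really sent to themselves.
GENUINE = """\
Return-Path: <me@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: <me@example.org>
To: <me@example.org>

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts, read only from headers stamped by our own server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if authserv_id.strip().lower() != trusted_authserv:
            continue  # any sender can add this header; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            verdicts.setdefault(method, result)
    return verdicts

def assess(raw, trusted_authserv="mx.example.org"):
    """Return reasons to distrust the From: header (empty list = none found)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    if domain_of(msg["Return-Path"]) != from_dom:
        findings.append("envelope sender domain differs from From: domain")
    verdicts = auth_results(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings
```

The second `Authentication-Results` header in the spoofed sample shows why the server name is filtered: a header added before the message reached your own server proves nothing.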
     
  15. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    Joined:
    2018/10/07
    Messages:
    16
    Likes Received:
    0
    Hello Tony,

    Thanks for your reply. I realise this could be true, but could you or someone else please check my logs and make sure my PC is fine?
     
  16. 2018/10/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I am sure that Broni, our Malware & Virus Removal expert, will look at your logs when he is available.
     
    Sheepdisease likes this.
  17. 2018/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is a known scam which came up pretty recently.
    As a matter of fact, I received a similar email, as did many other people.
    Simply delete that email and that's it.
    More info: Business Insider
     
    JSS3rd likes this.
  18. 2018/10/07
    Sheepdisease

    Sheepdisease New Member Thread Starter

    Joined:
    2018/10/07
    Messages:
    16
    Likes Received:
    0
    Thanks for the reply, how did they know my password though?
     
  19. 2018/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is really no bulletproof way to say.
    Possibly from some hacked website.
    Data leaks happen all the time.
    Sensitive passwords should be changed once in a while.
     
  20. 2018/10/08
    Sheepdisease

    Sheepdisease New Member Thread Starter

    Joined:
    2018/10/07
    Messages:
    16
    Likes Received:
    0
    Just wondering if you did have a look through the logs for anything suspicious?
     
  21. 2018/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, of course. Nothing there.
     
    Sheepdisease likes this.
