Thread: Infected by HKU\S-1-5-21

  1. #1
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    Infected by HKU\S-1-5-21

    Hi, I found that my computer is infected by HKU\S-1-5-21, and even though I fixed it with Spybot, it came back when I re-scanned the computer.

    Could someone please help?

    Below is the log for your reference.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
    Ran by user (administrator) on DESKTOP-C7E41P4 (18-09-2017 16:12:02)
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 10 Pro Version 1703 (X64) Language: 中文 (繁體,台灣)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe
    (LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\creator-ws.exe
    (LULU Software Limited) C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe
    (Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    () C:\Program Files (x86)\Windscribe\WindscribeService.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
    (Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\aliwssv.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (阿里巴巴(中国)有限公司) C:\Users\user\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
    (Octoshape ApS) C:\Users\user\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    (Alibaba software (Shanghai) Corporation.) C:\Program Files (x86)\AliWangWang\AliIM.exe
    () C:\Program Files (x86)\AliWangWang\9.11.02C\AliExternal.exe
    () C:\Program Files (x86)\AliWangWang\9.11.02C\AliExternal.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (Tonec Inc.) C:\Users\user\Downloads\IDM6.28.11\IDM\IDMan.exe
    (Internet Download Manager, Tonec Inc.) C:\Users\user\Downloads\IDM6.28.11\IDM\IDMIntegrator64.exe
    (Tonec Inc.) C:\Users\user\Downloads\IDM6.28.11\IDM\IEMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
    (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2602248 2015-09-03] (FSPro Labs)
    HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [475016 2015-08-16] (Acronis)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-15] (Dropbox, Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-05-26] (Fuji Xerox Co., Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [690992 2015-08-14] (Acronis International GmbH)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7090888 2015-08-17] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [Octoshape Streaming Services] => C:\Users\user\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [2712328 2016-02-22] (pCloud AG)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [aliim] => C:\Program Files (x86)\AliWangWang\AliIM.exe [312720 2017-08-04] (Alibaba software (Shanghai) Corporation.)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [SharewareOnSale Notifier] => C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe [1008816 2016-12-27] ()
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7948392 2016-12-08] ()
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [IDMan] => C:\Users\user\Downloads\IDM6.28.11\IDM\IDMan.exe [4035696 2017-05-26] (Tonec Inc.)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [26574144 2017-06-20] (Dearmob)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-20] (Microsoft Corporation)
    SSODL: EldosMountNotificator-cbfs6 - {C3C8E330-7B27-438C-BD10-3198890E2740} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator-cbfs6 - {C3C8E330-7B27-438C-BD10-3198890E2740} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-30]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-30]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-3992126083-2723911071-3783806095-1001] => http=127.0.0.1:8889;https=127.0.0.1:8889
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.3
    Tcpip\..\Interfaces\{98c719cf-438f-4545-ba4a-c32c69f36d33}: [DhcpNameServer] 10.110.110.1
    Tcpip\..\Interfaces\{a2d04654-8bb8-4d18-900a-43ce66d6825a}: [DhcpNameServer] 192.168.1.3
    Tcpip\..\Interfaces\{e36fd73e-8962-43f6-b339-d76749ca9180}: [DhcpNameServer] 192.168.1.3

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-12-30] (LastPass)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
    BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2017-07-19] (iTools.hk)
    BHO-x32: Soda PDF 8 Helper -> {33779F20-17D7-4CC6-8248-78A4A78CEBFC} -> C:\Program Files (x86)\Soda PDF 8\creator-ie-helper.dll [2015-12-14] (LULU SOFTWARE LIMITED)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-12-30] (LastPass)
    BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2017-07-19] (iTools.hk)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-12-30] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-12-30] (LastPass)
    Toolbar: HKLM-x32 - Soda PDF 8 Toolbar - {A2689669-AD38-4AFD-B370-23E97E2B9D18} - C:\Program Files (x86)\Soda PDF 8\creator-ie-plugin.dll [2015-12-14] (LULU SOFTWARE LIMITED)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: gu2anee7.default
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gu2anee7.default [2017-09-18]
    FF Homepage: Mozilla\Firefox\Profiles\gu2anee7.default -> hxxp://mail.avic.com.hk/webmail/
    FF Extension: (Windscribe) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gu2anee7.default\Extensions\@windscribeff.xpi [2017-06-08]
    FF Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gu2anee7.default\Extensions\support@lastpass.com [2017-07-11]
    FF Extension: (Greasemonkey) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gu2anee7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-06-07]
    FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
    FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2015-12-30] [not signed]
    FF HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Users\user\Downloads\IDM6.28.11\IDM\idmmzcc3.xpi
    FF Extension: (No Name) - C:\Users\user\Downloads\IDM6.28.11\IDM\idmmzcc3.xpi [2017-05-17]
    FF HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
    FF HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\user\Downloads\IDM6.28.11\IDM\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Users\user\Downloads\IDM6.28.11\IDM\idmmzcc2.xpi [2017-01-26]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
    FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo64.dll [2015-01-14] (alipay.com)
    FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc64.dll [2015-01-14] (Alipay.com Inc. )
    FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl64.dll [2015-01-14] (Alipay.com Inc. )
    FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-07-19] ()
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-12-30] (LastPass)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [No File]
    FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalicdo.dll [2015-01-14] (alipay.com)
    FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
    FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
    FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAlipaydhc.dll [2015-01-14] (Alipay.com Inc. )
    FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\npAliSecCtrl.dll [2015-01-14] (Alipay.com Inc. )
    FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\WINDOWS\system32\itruscert\NPComBrg701.dll [No File]
    FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-07-19] ()
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-12-30] (LastPass)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
    FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2015-12-14] (LULU SOFTWARE LIMITED)
    FF Plugin HKU\S-1-5-21-3992126083-2723911071-3783806095-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.11.02C\npAliSSOLogin.dll [2017-08-04] (Alibaba software (Shanghai) Corporation.)
    FF Plugin HKU\S-1-5-21-3992126083-2723911071-3783806095-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\9.11.02C\npwangwang.dll [2017-08-04] ( )
    FF Plugin HKU\S-1-5-21-3992126083-2723911071-3783806095-1001: @alipay.com/npalicert -> C:\Users\user\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
    FF Plugin HKU\S-1-5-21-3992126083-2723911071-3783806095-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\user\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2016-01-26] ( )
    FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-01-10] (Octoshape ApS)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://hk.yahoo.com/
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-09-18]
    CHR Extension: (Google 投影片) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]
    CHR Extension: (Google 文件) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
    CHR Extension: (Google 雲端硬碟) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
    CHR Extension: (Tampermonkey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
    CHR Extension: (Google 試算表) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-25]
    CHR Extension: (Google 文件離線版) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-15]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-14]
    CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2017-08-03]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-06]
    CHR Extension: (Chrono下載管理器) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2017-05-15]
    CHR Extension: (Chrome 線上應用程式商店付款系統) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
    CHR Extension: (HubSpot Sales) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-09-02]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
    CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-01]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
    CHR HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-15] (Dropbox, Inc.)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
    S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
    S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
    R2 pcas; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\pcas.exe [589784 2015-01-14] (Alipay.com Inc. )
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    R2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\secbizsrv.exe [591320 2015-01-14] (Alipay.com Inc. )
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
    S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2262296 2015-12-14] (LULU SOFTWARE LIMITED)
    S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920344 2015-12-14] (LULU SOFTWARE LIMITED)
    R2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733464 2015-12-14] (LULU SOFTWARE LIMITED)
    R2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [876024 2015-12-21] (LULU Software Limited)
    R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2016-08-12] (Alibaba (China) Co., LTD. All rights reserved.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
    R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()
    R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [1911128 2017-07-21] (Alibaba Group)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
    S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [441536 2016-02-11] (EldoS Corporation)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-08] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-08] (Disc Soft Ltd)
    R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
    S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-08-26] (ESET)
    R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
    R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET)
    R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [323040 2017-05-17] (Acronis International GmbH)
    R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-04-27] (CACE Technologies, Inc.)
    S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek )
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
    R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1057728 2017-05-17] (Acronis International GmbH)
    R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [206800 2017-05-17] (Acronis International GmbH)
    S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [567888 2017-05-17] (Acronis International GmbH)
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-02-11] (EldoS Corporation)
    R3 VPPP; C:\WINDOWS\System32\drivers\VPPP.sys [41640 2012-12-19] (DrayTek, Corp.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-18 15:31 - 2017-09-18 15:31 - 000000000 ___HD C:\OneDriveTemp
    2017-09-18 14:24 - 2017-09-18 16:12 - 000029898 _____ C:\Users\user\Downloads\FRST.txt
    2017-09-18 14:24 - 2017-09-18 16:12 - 000000000 ____D C:\FRST
    2017-09-18 14:24 - 2017-09-18 14:25 - 000088974 _____ C:\Users\user\Downloads\Addition.txt
    2017-09-18 14:22 - 2017-09-18 14:22 - 002399744 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
    2017-09-16 18:49 - 2017-09-16 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-09-15 05:41 - 2017-09-15 05:41 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2017-09-15 05:41 - 2017-09-15 05:41 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2017-09-15 05:41 - 2017-09-15 05:41 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-09-15 05:41 - 2017-09-15 05:41 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2017-09-13 12:43 - 2017-09-05 13:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-13 12:43 - 2017-09-05 12:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-13 12:43 - 2017-09-05 12:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-13 12:43 - 2017-09-05 12:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-13 12:43 - 2017-09-05 12:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-13 12:43 - 2017-09-05 12:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-13 12:43 - 2017-09-05 12:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-13 12:43 - 2017-09-05 12:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-13 12:43 - 2017-09-05 12:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-13 12:43 - 2017-09-05 12:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-13 12:43 - 2017-09-05 12:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-13 12:43 - 2017-09-05 12:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-13 12:43 - 2017-09-05 12:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-13 12:43 - 2017-09-05 12:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-13 12:43 - 2017-09-05 12:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-13 12:43 - 2017-09-05 12:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-13 12:43 - 2017-09-05 12:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-13 12:43 - 2017-09-05 12:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-13 12:43 - 2017-09-05 12:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-13 12:43 - 2017-09-05 12:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-13 12:43 - 2017-09-05 12:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-13 12:43 - 2017-09-05 12:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-13 12:43 - 2017-09-05 12:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-13 12:43 - 2017-09-05 12:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-13 12:43 - 2017-09-05 12:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-13 12:42 - 2017-09-05 13:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-09-13 12:42 - 2017-09-05 13:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-09-13 12:42 - 2017-09-05 13:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2017-09-13 12:42 - 2017-09-05 13:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-13 12:42 - 2017-09-05 13:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-13 12:42 - 2017-09-05 13:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-13 12:42 - 2017-09-05 13:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-09-13 12:42 - 2017-09-05 13:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-13 12:42 - 2017-09-05 13:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-13 12:42 - 2017-09-05 13:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-13 12:42 - 2017-09-05 13:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-09-13 12:42 - 2017-09-05 13:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-13 12:42 - 2017-09-05 13:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-09-13 12:42 - 2017-09-05 13:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-09-13 12:42 - 2017-09-05 13:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-13 12:42 - 2017-09-05 13:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-13 12:42 - 2017-09-05 13:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-09-13 12:42 - 2017-09-05 13:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-09-13 12:42 - 2017-09-05 13:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-13 12:42 - 2017-09-05 13:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-09-13 12:42 - 2017-09-05 13:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-09-13 12:42 - 2017-09-05 13:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-13 12:42 - 2017-09-05 13:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-13 12:42 - 2017-09-05 13:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-09-13 12:42 - 2017-09-05 13:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-13 12:42 - 2017-09-05 13:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-13 12:42 - 2017-09-05 13:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-13 12:42 - 2017-09-05 13:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-09-13 12:42 - 2017-09-05 13:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-13 12:42 - 2017-09-05 13:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-13 12:42 - 2017-09-05 13:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-09-13 12:42 - 2017-09-05 13:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-13 12:42 - 2017-09-05 13:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-09-13 12:42 - 2017-09-05 13:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-09-13 12:42 - 2017-09-05 13:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-13 12:42 - 2017-09-05 13:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-13 12:42 - 2017-09-05 13:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-13 12:42 - 2017-09-05 13:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-13 12:42 - 2017-09-05 13:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-13 12:42 - 2017-09-05 13:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-13 12:42 - 2017-09-05 13:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2017-09-13 12:42 - 2017-09-05 13:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-13 12:42 - 2017-09-05 12:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-13 12:42 - 2017-09-05 12:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-13 12:42 - 2017-09-05 12:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-13 12:42 - 2017-09-05 12:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-13 12:42 - 2017-09-05 12:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-13 12:42 - 2017-09-05 12:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-13 12:42 - 2017-09-05 12:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-13 12:42 - 2017-09-05 12:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-13 12:42 - 2017-09-05 12:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-13 12:42 - 2017-09-05 12:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-13 12:42 - 2017-09-05 12:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-13 12:42 - 2017-09-05 12:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-13 12:42 - 2017-09-05 12:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-13 12:42 - 2017-09-05 12:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-13 12:42 - 2017-09-05 12:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-13 12:42 - 2017-09-05 12:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-13 12:42 - 2017-09-05 12:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-13 12:42 - 2017-09-05 12:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-13 12:42 - 2017-09-05 12:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-13 12:42 - 2017-09-05 12:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-13 12:42 - 2017-09-05 12:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-13 12:42 - 2017-09-05 12:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-13 12:42 - 2017-09-05 12:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-13 12:42 - 2017-09-05 12:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
    2017-09-13 12:42 - 2017-09-05 12:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-13 12:42 - 2017-09-05 12:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-13 12:42 - 2017-09-05 12:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-13 12:42 - 2017-09-05 12:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-13 12:42 - 2017-09-05 12:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-13 12:42 - 2017-09-05 12:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-09-13 12:42 - 2017-09-05 12:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-13 12:42 - 2017-09-05 12:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
    2017-09-13 12:42 - 2017-09-05 12:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-09-13 12:42 - 2017-09-05 12:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-09-13 12:42 - 2017-09-05 12:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-09-13 12:42 - 2017-09-05 12:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-09-13 12:42 - 2017-09-05 12:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-09-13 12:42 - 2017-09-05 12:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-09-13 12:42 - 2017-09-05 12:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-09-13 12:42 - 2017-09-05 12:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-09-13 12:42 - 2017-09-05 12:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2017-09-13 12:42 - 2017-09-05 12:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-13 12:42 - 2017-09-05 12:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-13 12:42 - 2017-09-05 12:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
    2017-09-13 12:42 - 2017-09-05 12:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-09-13 12:42 - 2017-09-05 12:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-09-13 12:42 - 2017-09-05 12:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-09-13 12:42 - 2017-09-05 12:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-13 12:42 - 2017-09-05 12:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-13 12:42 - 2017-09-05 12:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-13 12:42 - 2017-09-05 12:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-13 12:42 - 2017-09-05 12:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-09-13 12:42 - 2017-09-05 12:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-13 12:42 - 2017-09-05 12:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-13 12:42 - 2017-09-05 12:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-13 12:42 - 2017-09-05 12:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-09-13 12:42 - 2017-09-05 12:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-13 12:42 - 2017-09-05 12:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-09-13 12:42 - 2017-09-05 12:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
    2017-09-13 12:42 - 2017-09-05 12:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-13 12:42 - 2017-09-05 12:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-13 12:42 - 2017-09-05 12:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-09-13 12:42 - 2017-09-05 12:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-13 12:42 - 2017-09-05 12:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-13 12:42 - 2017-09-05 12:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-09-13 12:42 - 2017-09-05 12:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-09-13 12:42 - 2017-09-05 12:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-13 12:42 - 2017-09-05 12:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-13 12:42 - 2017-09-05 12:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-13 12:42 - 2017-09-05 12:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2017-09-13 12:42 - 2017-09-05 12:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-09-13 12:42 - 2017-09-05 12:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-13 12:42 - 2017-09-05 12:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-09-13 12:42 - 2017-09-05 12:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-13 12:42 - 2017-09-05 12:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2017-09-13 12:42 - 2017-09-05 12:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2017-09-13 12:42 - 2017-09-05 12:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-13 12:42 - 2017-09-05 12:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-13 12:42 - 2017-09-05 12:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-09-13 12:42 - 2017-09-05 12:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-09-13 12:42 - 2017-09-05 12:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-13 12:42 - 2017-09-05 12:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-09-13 12:42 - 2017-09-05 12:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-13 12:42 - 2017-09-05 12:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-13 12:42 - 2017-09-05 12:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-09-13 12:42 - 2017-09-05 12:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-09-13 12:42 - 2017-09-05 12:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-09-13 12:42 - 2017-09-05 12:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-13 12:42 - 2017-09-05 12:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-13 12:42 - 2017-09-05 12:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-13 12:42 - 2017-09-05 12:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-13 12:42 - 2017-09-05 12:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-13 12:42 - 2017-09-05 12:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-13 12:42 - 2017-09-05 12:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-13 12:42 - 2017-09-05 12:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-13 12:42 - 2017-09-05 12:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-09-13 12:42 - 2017-09-05 12:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-09-13 12:42 - 2017-09-05 12:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-09-13 12:42 - 2017-09-05 12:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-09-13 12:42 - 2017-09-05 12:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-09-13 12:42 - 2017-09-05 12:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-13 12:42 - 2017-09-01 13:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2017-09-13 12:41 - 2017-09-05 13:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-09-13 12:41 - 2017-09-05 13:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-09-13 12:41 - 2017-09-05 13:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2017-09-13 12:41 - 2017-09-05 13:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2017-09-13 12:41 - 2017-09-05 13:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2017-09-13 12:41 - 2017-09-05 13:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2017-09-13 12:41 - 2017-09-05 13:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-09-13 12:41 - 2017-09-05 13:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-13 12:41 - 2017-09-05 13:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-09-13 12:41 - 2017-09-05 13:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2017-09-13 12:41 - 2017-09-05 13:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-13 12:41 - 2017-09-05 13:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-13 12:41 - 2017-09-05 13:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2017-09-13 12:41 - 2017-09-05 13:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
    2017-09-13 12:41 - 2017-09-05 13:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2017-09-13 12:41 - 2017-09-05 13:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2017-09-13 12:41 - 2017-09-05 13:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2017-09-13 12:41 - 2017-09-05 12:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-13 12:41 - 2017-09-05 12:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-13 12:41 - 2017-09-05 12:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-09-13 12:41 - 2017-09-05 12:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
    2017-09-13 12:41 - 2017-09-05 12:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
    2017-09-13 12:41 - 2017-09-05 12:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2017-09-13 12:41 - 2017-09-05 12:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-13 12:41 - 2017-09-05 12:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
    2017-09-13 12:41 - 2017-09-05 12:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2017-09-13 12:41 - 2017-09-05 12:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2017-09-13 12:41 - 2017-09-05 12:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-13 12:41 - 2017-09-05 12:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-09-13 12:41 - 2017-09-05 12:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-13 12:41 - 2017-09-05 12:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-13 12:41 - 2017-09-05 12:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-13 12:41 - 2017-09-05 12:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2017-09-13 12:41 - 2017-09-05 12:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2017-09-13 12:41 - 2017-09-05 12:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2017-09-13 12:41 - 2017-09-05 12:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-09-13 12:41 - 2017-09-05 12:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2017-09-13 12:41 - 2017-09-05 12:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2017-09-13 12:41 - 2017-09-05 12:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-09-13 12:41 - 2017-09-05 12:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2017-09-13 12:41 - 2017-09-05 12:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2017-09-13 12:41 - 2017-09-05 12:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2017-09-13 12:41 - 2017-09-05 12:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2017-09-13 12:41 - 2017-09-05 12:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2017-09-13 12:41 - 2017-09-05 12:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-09-13 12:41 - 2017-09-05 12:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-09-13 12:41 - 2017-09-05 12:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2017-09-13 12:41 - 2017-09-05 12:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-09-13 12:41 - 2017-09-05 12:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2017-09-13 12:41 - 2017-09-05 12:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2017-09-13 12:41 - 2017-09-05 12:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2017-09-13 12:41 - 2017-09-05 12:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2017-09-13 12:41 - 2017-09-05 12:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2017-09-13 12:41 - 2017-09-05 12:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2017-09-13 12:41 - 2017-09-05 12:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-09-13 12:41 - 2017-09-05 12:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-09-13 12:41 - 2017-09-05 12:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-09-13 12:41 - 2017-09-05 12:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-09-13 12:41 - 2017-09-05 12:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2017-09-12 10:41 - 2017-09-12 10:41 - 002100852 _____ C:\WINDOWS\Minidump\091217-12234-01.dmp
    2017-09-09 17:23 - 2017-08-01 10:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2017-09-09 17:23 - 2017-08-01 10:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-09-09 17:23 - 2017-08-01 10:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2017-09-09 17:23 - 2017-08-01 10:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-09-09 17:23 - 2017-08-01 10:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2017-09-09 17:23 - 2017-08-01 10:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
    2017-09-09 17:23 - 2017-08-01 10:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
    2017-09-09 17:23 - 2017-08-01 10:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
    2017-09-09 17:23 - 2017-08-01 10:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2017-09-09 17:23 - 2017-08-01 10:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2017-09-09 17:23 - 2017-08-01 10:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2017-09-09 17:23 - 2017-08-01 10:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-09-09 17:23 - 2017-08-01 10:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2017-09-09 17:23 - 2017-08-01 09:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
    2017-09-09 17:23 - 2017-08-01 06:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
    2017-09-09 17:23 - 2017-07-28 13:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2017-09-09 17:23 - 2017-07-28 13:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2017-09-09 17:23 - 2017-07-28 13:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-09-09 17:23 - 2017-07-28 13:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2017-09-09 17:23 - 2017-07-28 12:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
    2017-09-09 17:23 - 2017-07-28 12:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2017-09-09 17:23 - 2017-07-28 12:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
    2017-09-09 17:23 - 2017-07-28 12:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
    2017-09-09 17:23 - 2017-07-28 12:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-09-09 17:23 - 2017-07-28 12:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
    2017-09-09 17:23 - 2017-07-28 12:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2017-09-09 17:23 - 2017-07-28 12:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2017-09-09 17:23 - 2017-07-28 12:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2017-09-09 17:23 - 2017-07-28 12:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
    2017-09-09 17:23 - 2017-07-28 12:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
    2017-09-09 17:23 - 2017-07-28 12:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
    2017-09-09 17:23 - 2017-07-28 12:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-09-09 17:23 - 2017-07-28 12:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2017-09-09 17:23 - 2017-07-28 12:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
    2017-09-09 17:23 - 2017-07-28 12:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2017-09-09 17:23 - 2017-07-28 12:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-09-09 17:23 - 2017-07-28 12:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
    2017-09-09 17:23 - 2017-07-28 12:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-09-09 17:23 - 2017-07-28 12:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2017-09-09 17:23 - 2017-07-28 12:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-09-09 17:23 - 2017-07-28 12:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2017-09-09 17:23 - 2017-07-28 12:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
    2017-09-09 17:23 - 2017-07-28 12:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-09-09 17:23 - 2017-07-28 12:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2017-09-09 17:23 - 2017-07-28 12:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-09-09 17:23 - 2017-07-28 12:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
    2017-09-09 17:23 - 2017-07-28 12:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-09-09 17:23 - 2017-07-28 12:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-09-09 17:23 - 2017-07-28 12:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2017-09-09 17:23 - 2017-07-28 12:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-09-09 17:23 - 2017-07-28 12:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-09-09 17:23 - 2017-07-28 12:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
    2017-09-09 17:23 - 2017-07-28 12:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2017-09-09 17:23 - 2017-07-28 12:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
    2017-09-09 17:23 - 2017-07-28 12:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
    2017-09-09 17:23 - 2017-07-28 12:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
    2017-09-09 17:22 - 2017-08-01 10:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-09-09 17:22 - 2017-08-01 10:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2017-09-09 17:22 - 2017-08-01 10:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-09-09 17:22 - 2017-08-01 10:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-09-09 17:22 - 2017-08-01 10:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2017-09-09 17:22 - 2017-08-01 10:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
    2017-09-09 17:22 - 2017-08-01 10:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2017-09-09 17:22 - 2017-08-01 10:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-09-09 17:22 - 2017-08-01 09:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
    2017-09-09 17:22 - 2017-08-01 09:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2017-09-09 17:22 - 2017-08-01 09:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2017-09-09 17:22 - 2017-08-01 09:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-09-09 17:22 - 2017-08-01 09:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
    2017-09-09 17:22 - 2017-08-01 09:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2017-09-09 17:22 - 2017-08-01 09:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2017-09-09 17:22 - 2017-08-01 09:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
    2017-09-09 17:22 - 2017-08-01 09:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
    2017-09-09 17:22 - 2017-08-01 09:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2017-09-09 17:22 - 2017-08-01 09:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2017-09-09 17:22 - 2017-08-01 09:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-09-09 17:22 - 2017-08-01 09:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2017-09-09 17:22 - 2017-08-01 09:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2017-09-09 17:22 - 2017-08-01 09:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-09-09 17:22 - 2017-08-01 09:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2017-09-09 17:22 - 2017-08-01 09:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2017-09-09 17:22 - 2017-08-01 09:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2017-09-09 17:22 - 2017-08-01 09:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2017-09-09 17:22 - 2017-08-01 09:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2017-09-09 17:22 - 2017-08-01 09:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
    2017-09-09 17:22 - 2017-08-01 09:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2017-09-09 17:22 - 2017-08-01 09:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2017-09-09 17:22 - 2017-07-28 13:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2017-09-09 17:22 - 2017-07-28 13:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-09-09 17:22 - 2017-07-28 13:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2017-09-09 17:22 - 2017-07-28 13:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
    2017-09-09 17:22 - 2017-07-28 13:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
    2017-09-09 17:22 - 2017-07-28 13:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2017-09-09 17:22 - 2017-07-28 13:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-09-09 17:22 - 2017-07-28 13:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2017-09-09 17:22 - 2017-07-28 13:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2017-09-09 17:22 - 2017-07-28 13:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-09-09 17:22 - 2017-07-28 13:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-09-09 17:22 - 2017-07-28 13:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-09-09 17:22 - 2017-07-28 13:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2017-09-09 17:22 - 2017-07-28 13:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2017-09-09 17:22 - 2017-07-28 13:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
    2017-09-09 17:22 - 2017-07-28 13:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-09-09 17:22 - 2017-07-28 13:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-09-09 17:22 - 2017-07-28 13:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
    2017-09-09 17:22 - 2017-07-28 13:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2017-09-09 17:22 - 2017-07-28 13:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2017-09-09 17:22 - 2017-07-28 13:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2017-09-09 17:22 - 2017-07-28 12:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
    2017-09-09 17:22 - 2017-07-28 12:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
    2017-09-09 17:22 - 2017-07-28 12:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
    2017-09-09 17:22 - 2017-07-28 12:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-09-09 17:22 - 2017-07-28 12:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2017-09-09 17:22 - 2017-07-28 12:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2017-09-09 17:22 - 2017-07-28 12:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
    2017-09-09 17:22 - 2017-07-28 12:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
    2017-09-09 17:22 - 2017-07-28 12:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
    2017-09-09 17:22 - 2017-07-28 12:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2017-09-09 17:22 - 2017-07-28 12:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2017-09-09 17:22 - 2017-07-28 12:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
    2017-09-09 17:22 - 2017-07-28 12:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2017-09-09 17:22 - 2017-07-28 12:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
    2017-09-09 17:22 - 2017-07-28 12:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
    2017-09-09 17:22 - 2017-07-28 12:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2017-09-09 17:22 - 2017-07-28 12:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-09-09 17:22 - 2017-07-28 12:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
    2017-09-09 17:22 - 2017-07-28 12:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-09-09 17:22 - 2017-07-28 12:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2017-09-09 17:22 - 2017-07-28 12:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2017-09-09 17:22 - 2017-07-28 12:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-09-09 17:22 - 2017-07-28 12:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-09-09 17:22 - 2017-07-28 12:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2017-09-09 17:22 - 2017-07-28 12:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2017-09-09 17:22 - 2017-07-28 12:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
    2017-09-09 17:22 - 2017-07-28 12:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2017-09-09 17:22 - 2017-07-28 12:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-09-09 17:22 - 2017-07-28 12:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-09-09 17:22 - 2017-07-28 12:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-09-09 17:22 - 2017-07-28 12:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2017-09-09 17:22 - 2017-07-28 12:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-09-09 17:22 - 2017-07-28 12:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2017-09-09 17:22 - 2017-07-28 12:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-09-09 17:22 - 2017-07-28 12:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2017-09-09 17:22 - 2017-07-28 12:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-09-09 17:22 - 2017-07-28 12:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2017-09-09 17:22 - 2017-07-28 12:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-09-09 17:22 - 2017-07-28 12:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2017-09-09 17:22 - 2017-07-28 12:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2017-09-09 17:22 - 2017-07-28 12:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2017-09-09 17:22 - 2017-07-28 12:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-09-09 17:22 - 2017-07-28 12:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-09-09 17:22 - 2017-07-28 12:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-09-09 17:22 - 2017-07-28 12:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
    2017-09-09 17:22 - 2017-07-28 12:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-09-09 17:22 - 2017-07-28 12:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-09-09 17:22 - 2017-07-28 12:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2017-09-09 17:22 - 2017-07-28 12:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-09-09 17:22 - 2017-07-28 12:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-09-09 17:22 - 2017-07-28 12:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-09-09 17:22 - 2017-07-28 12:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-09-09 17:22 - 2017-07-28 12:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-09-09 17:22 - 2017-07-28 12:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2017-09-09 17:22 - 2017-07-28 12:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2017-09-09 17:22 - 2017-07-28 12:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2017-09-09 17:22 - 2017-07-28 12:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2017-09-09 17:22 - 2017-07-28 12:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2017-09-09 17:22 - 2017-07-28 12:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2017-09-09 17:22 - 2017-07-28 12:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
    2017-09-09 17:22 - 2017-07-28 12:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2017-09-09 17:22 - 2017-07-28 12:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2017-09-09 17:22 - 2017-07-28 12:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
    2017-09-09 17:22 - 2017-07-28 12:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2017-09-09 17:22 - 2017-07-28 12:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-09-09 17:22 - 2017-07-28 12:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
    2017-09-09 17:22 - 2017-07-28 12:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
    2017-09-09 17:22 - 2017-07-28 12:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2017-09-03 18:25 - 2017-09-03 18:25 - 000000000 ____D C:\Program Files (x86)\directx
    2017-08-30 22:49 - 2017-09-12 22:15 - 000000000 ____D C:\Users\user\Downloads\Locale.Emulator.2.3.1.1
    2017-08-30 22:48 - 2017-08-30 22:48 - 000163516 _____ C:\Users\user\Downloads\Locale.Emulator.2.3.1.1.zip
    2017-08-29 23:45 - 2017-08-29 23:45 - 000000115 _____ C:\Users\user\Downloads\https---www.greenlam.com-sg-architects-designers-laminates-hpl-black-sea-pearl-hpl-custom.url
    2017-08-22 09:57 - 2017-08-22 09:57 - 000001058 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-18 16:09 - 2017-08-02 10:42 - 000004120 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CAFF5886-D97B-4A1C-9FBC-0507A8018A92}
    2017-09-18 16:05 - 2017-08-02 10:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-18 16:02 - 2016-03-05 19:40 - 000000000 ____D C:\Users\user\AppData\Roaming\TaobaoProtect
    2017-09-18 15:37 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-09-18 15:37 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-09-18 15:36 - 2017-08-02 10:19 - 000603314 _____ C:\WINDOWS\system32\prfh0804.dat
    2017-09-18 15:36 - 2017-08-02 10:19 - 000280212 _____ C:\WINDOWS\system32\prfc0804.dat
    2017-09-18 15:36 - 2017-08-02 10:16 - 000664466 _____ C:\WINDOWS\system32\perfh011.dat
    2017-09-18 15:36 - 2017-08-02 10:16 - 000280342 _____ C:\WINDOWS\system32\perfc011.dat
    2017-09-18 15:36 - 2017-03-20 13:10 - 000616864 _____ C:\WINDOWS\system32\prfh0404.dat
    2017-09-18 15:36 - 2017-03-20 13:10 - 000280824 _____ C:\WINDOWS\system32\prfc0404.dat
    2017-09-18 15:36 - 2015-10-31 14:59 - 003948966 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-18 15:31 - 2017-08-02 10:42 - 000003444 _____ C:\WINDOWS\System32\Tasks\iToolsDaemon
    2017-09-18 15:31 - 2016-03-06 14:51 - 000000000 ___RD C:\Users\user\Google 雲端硬碟
    2017-09-18 15:31 - 2016-03-05 19:40 - 000000000 ____D C:\Users\user\AppData\Local\aef
    2017-09-18 15:31 - 2015-12-24 15:01 - 000000000 ___RD C:\Users\user\OneDrive
    2017-09-18 15:29 - 2017-08-02 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-18 15:29 - 2017-08-02 10:29 - 000495576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-18 15:29 - 2017-06-08 01:01 - 000000000 ____D C:\Users\user\AppData\Roaming\DMCache
    2017-09-18 15:29 - 2017-03-18 19:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
    2017-09-18 15:29 - 2016-08-31 12:07 - 000039902 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
    2017-09-18 15:29 - 2016-08-10 18:01 - 000040190 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
    2017-09-18 10:03 - 2015-12-28 09:45 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
    2017-09-16 19:49 - 2015-12-30 09:13 - 000000000 ____D C:\Users\user\AppData\LocalLow\LastPass
    2017-09-16 18:49 - 2015-12-29 16:19 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2017-09-15 10:50 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
    2017-09-14 10:46 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-14 10:32 - 2015-10-31 14:52 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-14 10:20 - 2017-08-02 10:19 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
    2017-09-14 10:20 - 2017-08-02 10:16 - 000000000 ____D C:\WINDOWS\system32\ja
    2017-09-14 10:20 - 2017-03-20 13:10 - 000000000 ____D C:\WINDOWS\system32\zh-HANT
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-09-14 10:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
    2017-09-14 10:19 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-09-14 10:19 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-09-14 10:19 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-09-13 14:10 - 2017-08-18 23:16 - 000004118 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-09-13 14:10 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-09-13 14:10 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-09-13 13:37 - 2015-12-24 16:52 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-09-13 13:35 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-09-13 13:35 - 2015-12-24 16:52 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-09-12 18:32 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-09-12 10:41 - 2017-08-02 14:44 - 000000000 ____D C:\WINDOWS\Minidump
    2017-09-12 10:41 - 2017-07-07 21:07 - 1523657782 _____ C:\WINDOWS\MEMORY.DMP
    2017-09-12 00:09 - 2016-01-15 14:17 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2017-09-11 15:48 - 2015-12-29 16:23 - 000000000 ___RD C:\Users\user\Dropbox
    2017-09-10 00:18 - 2017-04-25 09:36 - 000000000 ____D C:\Program Files (x86)\mozilla firefox
    2017-09-10 00:18 - 2016-03-05 19:40 - 000000504 _____ C:\WINDOWS\Tasks\AliUpdater{026DBBFC-1CF5-4534-A7EC-0A9186E1F496}.job
    2017-09-10 00:18 - 2015-12-28 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-09-10 00:16 - 2017-03-19 05:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-09-10 00:16 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-09-10 00:16 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-09-10 00:16 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-09-09 11:10 - 2017-08-02 10:42 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3992126083-2723911071-3783806095-1001
    2017-09-09 11:10 - 2015-12-24 15:01 - 000002331 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-08 22:40 - 2016-04-27 20:53 - 000000000 ____D C:\Users\user\AppData\Local\NETGEARGenie
    2017-09-05 09:29 - 2015-12-28 09:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-09-04 10:00 - 2016-02-26 10:02 - 000000000 ____D C:\Anne's Personal
    2017-09-03 11:19 - 2016-01-07 15:18 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
    2017-09-03 11:13 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-09-02 23:15 - 2017-03-19 05:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-09-02 23:15 - 2017-03-19 05:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-09-02 09:36 - 2016-11-30 17:54 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
    2017-09-02 09:10 - 2017-08-02 10:42 - 000003704 _____ C:\WINDOWS\System32\Tasks\AliUpdater{026DBBFC-1CF5-4534-A7EC-0A9186E1F496}
    2017-08-31 15:45 - 2015-12-28 09:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-30 19:44 - 2016-03-25 18:46 - 000000000 ____D C:\Locale.Emulator.2.2.0.0.pre2
    2017-08-28 01:06 - 2015-12-24 14:59 - 000000000 ____D C:\Users\user\AppData\Local\Packages
    2017-08-26 13:25 - 2015-12-25 21:49 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-26 13:25 - 2015-12-25 21:49 - 000002243 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-25 16:55 - 2016-12-07 09:47 - 000000000 ____D C:\Users\user\AppData\Roaming\AliWangWang
    2017-08-22 10:02 - 2017-03-20 13:14 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2017-08-22 10:02 - 2017-03-20 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2017-08-22 10:02 - 2017-03-20 13:10 - 000000000 ____D C:\WINDOWS\system32\WCN
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ___RD C:\Program Files\Windows Defender
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\IME
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\Help
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files\Common Files\System
    2017-08-22 10:02 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2017-08-22 10:02 - 2017-03-18 19:40 - 000000000 ____D C:\WINDOWS\servicing
    2017-08-22 09:59 - 2017-03-20 13:12 - 000000000 ____D C:\WINDOWS\OCR
    2017-08-19 21:23 - 2016-03-05 19:40 - 000000000 ____D C:\Program Files (x86)\AliWangWang

    ==================== Files in the root of some directories =======

    2015-12-30 09:13 - 2015-12-30 09:13 - 020320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2017-05-24 11:10 - 2017-05-24 11:10 - 000007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    2017-09-15 17:55 - 2017-09-15 17:55 - 000382760 _____ (Splashtop Inc.) C:\Users\user\AppData\Local\Temp\SetupUtil.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-09-18 11:41

    ==================== End of FRST.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hello and welcome

    When Farbar's Recovery Scan Tool was first run it should have created Addition.txt, I need to see this.

    Can you locate this please and post it in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    Quote: Originally posted by Juliet
    Hello and welcome

    When Farbar's Recovery Scan Tool was first run it should have created Addition.txt, I need to see this.

    Can you locate this please and post it in your next reply.

    Hi Juliet,

    Below is the Addition log.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
    Ran by user (18-09-2017 16:12:39)
    Running from C:\Users\user\Downloads
    Windows 10 Pro Version 1703 (X64) (2017-08-02 02:51:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3992126083-2723911071-3783806095-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3992126083-2723911071-3783806095-503 - Limited - Disabled)
    Guest (S-1-5-21-3992126083-2723911071-3783806095-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3992126083-2723911071-3783806095-1004 - Limited - Enabled)
    user (S-1-5-21-3992126083-2723911071-3783806095-1001 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
    AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    5KPlayer (HKLM-x32\...\5KPlayer) (Version: 4.5 - DearMob, Inc.)
    7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
    Acronis True Image 2016 (HKLM-x32\...\{986072E2-9A8A-4BE9-896B-18C3219BCE58}) (Version: 19.0.5518 - Acronis) Hidden
    Acronis True Image 2016 (HKLM-x32\...\{986072E2-9A8A-4BE9-896B-18C3219BCE58}Visible) (Version: 19.0.5518 - Acronis)
    Adobe Acrobat Reader DC - Chinese Traditional (HKLM-x32\...\{AC76BA86-7AD7-1028-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
    Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.5 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.1 - Adobe Systems Incorporated)
    Alipay Cert Component 2.5.0.0 (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
    Apowersoft Online Launcher 版本 1.6.1 (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.6.1 - APOWERSOFT LIMITED)
    Apowersoft Phone Manager version 2.7.1 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.7.1 - APOWERSOFT LIMITED)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Apple 應用程式支援 (32 位元) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple 應用程式支援 (64 位元) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
    Do Your Data Recovery for iPhone 4.0 (HKLM-x32\...\Do Your Data Recovery for iPhone 4.0_is1) (Version: - DoYourData)
    DrayTek Smart VPN Client (HKLM-x32\...\DrayTek Smart VPN Client) (Version: - )
    Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.22 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    EPubsoft Adobe PDF ePub DRM Removal 7.0.6 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 7.0.6 - EPUBSOFT)
    ESET NOD32 Antivirus (HKLM\...\{9170A3F6-8E7A-436B-B51F-C93FCF6EC0B4}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
    Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Fuji Xerox BRAdmin Light 1.26.8102 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.26.8102 - Fuji Xerox)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Infinite HD™ App (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4409 - Intel Corporation)
    iPhone Care Pro (HKLM-x32\...\iPhone Care Pro) (Version: - Tenorshare, Inc.)
    iSkysoft PDF Converter Pro (Build 4.0.5) (HKLM-x32\...\{92CBC677-A836-4784-978B-5989C86D2BC5}_is1) (Version: 4.0.5 - iSkysoft Software)
    iTools 3 (HKLM-x32\...\ThinkSky) (Version: - 深圳市创想天空科技有限公司)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    LastPass (僅移除安裝) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Manager (HKLM-x32\...\{9B75BF47-AA7E-4781-9B8F-D34AB6463DC9}) (Version: 8.0.50.26417 - LULU Software Limited) Hidden
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Office 家用版 2016 - zh-tw (HKLM\...\HomeStudentRetail - zh-tw) (Version: 16.0.8326.2096 - Microsoft Corporation)
    Microsoft Office 家庭和学生版 2016 - zh-cn (HKLM\...\HomeStudentRetail - zh-cn) (Version: 16.0.8326.2096 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft 滑鼠和鍵盤中心 (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.0.337.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x86 zh-TW) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 zh-TW)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
    Multi-Function Suite DocuPrint M225 dw (HKLM-x32\...\{10D98D84-A981-4433-BE8F-0B6F944E27A9}) (Version: 1.0.1.0 - Fuji Xerox)
    My Lockbox 3.8.3 (HKLM\...\My Lockbox_is1) (Version: 3.8.3 - )
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
    NO,THANK YOU!!! (HKLM-x32\...\nothankyou) (Version: 1.00 - parade)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0404-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0804-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
    pCloud Drive (HKLM-x32\...\{74C24FB6-E21A-451B-B1CA-0664208D6442}) (Version: 3.2.4 - pCloud AG) Hidden
    pCloud Drive (HKLM-x32\...\{a4d74929-30fa-44a1-a540-369e3e993083}) (Version: 3.2.4.0 - pCloud AG)
    Perfect Effects 9 (HKLM-x32\...\Perfect Effects 9 PE) (Version: 9.5.0 - on1)
    PUB HTML5 (HKLM-x32\...\PUB HTML5_is1) (Version: - PubHtml5 Solution)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7424 - Realtek Semiconductor Corp.)
    SharewareOnSale Notifier (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
    Skype(TM) 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.39.24931 - LULU Software Limited)
    Soda PDF 8 Asian Fonts Pack (HKLM\...\{87FACA0E-BF54-4D3C-BCD1-8A65677E67CD}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Convert Module (HKLM\...\{6DE3F77B-61B0-419B-92D8-23CE18D05D5C}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Create Module (HKLM\...\{ACCE496C-C98C-4F6C-9591-B388E38DAEDB}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Edit Module (HKLM\...\{3DBA10E0-4260-4784-BB89-1FC0B05E2D42}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Forms Module (HKLM\...\{1104A62B-BE26-4ABD-80DB-53B7ABB1488F}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Insert Module (HKLM\...\{5A613163-4365-4689-98CF-C8BE3EB57AD5}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 OCR Module (HKLM\...\{AE366222-E05E-4DB7-8DD2-F134E3C39274}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Review Module (HKLM\...\{1941A961-293E-4E1C-924C-5818E1337D16}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 Secure Module (HKLM\...\{38BA55CC-1E28-4A62-9F6E-2627AF019D08}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soda PDF 8 View Module (HKLM\...\{7D857DD8-566A-4DE6-9B2B-85FCA7F22D18}) (Version: 8.0.50.26297 - LULU Software Limited) Hidden
    Soft Organizer version 5.11 (HKLM-x32\...\Soft Organizer_is1) (Version: 5.11 - ChemTable Software)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Streaming Video Recorder V5.1.6 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 5.1.6 - APOWERSOFT LIMITED)
    SurfacePro4 Update 17_020_01 (64 bit) (HKLM\...\{8318582C-7466-4F02-8EBF-C63DA6801CC4}) (Version: 17.05.02.0 - Microsoft)
    Sweet Home 3D version 5.2 (HKLM\...\Sweet Home 3D_is1) (Version: 5.2 - eTeks)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
    VitalSource Bookshelf (HKLM-x32\...\{d25e882e-ebb7-4f14-b756-5fb52fe1d833}) (Version: 7.2.0003 - 您的公司名稱)
    Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)
    WinUtilities Professional Edition 12.28 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: 12.28 - YL Computing, Inc)
    WinX DVD Ripper Platinum 7.5.14 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    WinX HD Video Converter Deluxe 5.9.9 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
    ZD Soft Screen Recorder (HKLM-x32\...\{7C6080F2-1A23-4E11-BD61-B6819C9B65ED}) (Version: 10.1.3 - ZD Soft)
    谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)
    阿里旺旺 (HKLM-x32\...\阿里旺旺) (Version: - 阿里巴巴(中国)有限公司)
    盓葆惘假諷璃 5.1.0.3754 (HKLM-x32\...\alieditplus) (Version: 5.1.0.3754 - Alipay.com Co., Ltd.)
    鳥籠のマリアージュ (HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\{BF2176C2-824A-46A8-99C4-D29D1655E289}) (Version: - Kalmia8)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\user\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\9.11.02C\AliIMX_64.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Users\user\Downloads\IDM6.28.11\IDM\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {08C16B0C-CEF0-44F3-837B-E42C4E91AE7F} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-02-11] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {08C16B0C-CEF0-44F3-837B-E42C4E91AE7F} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-02-11] (EldoS Corporation)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\WINDOWS\system32\mscoree.dll [2017-03-19] (Microsoft Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SodaPDF8_ManagerExt] -> {3515E187-6607-4A1B-B616-26C7A7B4B32A} => C:\Program Files\Soda PDF 8\creator-context-menu.dll [2015-12-14] (LULU SOFTWARE LIMITED)
    ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-07-23] (Acronis)
    ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
    ContextMenuHandlers4: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\WINDOWS\system32\mscoree.dll [2017-03-19] (Microsoft Corporation)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
    ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-07-23] (Acronis)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {017BBDE7-0243-4CAC-9491-1CBD7B3A517C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
    Task: {032BD197-572A-4E65-8947-34F1719F5CF4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-06-13] (Microsoft)
    Task: {0EDFF82E-09FD-415A-8D9B-D35059D31EDB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
    Task: {107688FC-E9BB-4973-A4E2-0BFBEDFC1E07} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
    Task: {1529AB3D-483C-44CD-9197-AD6491972C6F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
    Task: {1FCFC6CA-F5BB-4929-A74B-0BB56FC8F71D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
    Task: {24A5279B-29F2-439B-B308-8D8217DC124F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {27F36D85-6FB2-4069-B0E1-B9B222A51452} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-06-13] (Microsoft)
    Task: {29C874EA-B5D4-4085-8A0B-67F9FC4F335B} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2017-07-19] ()
    Task: {421946E1-9E40-452A-A90E-B3656A82871E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
    Task: {4730652B-B18F-4E8A-86D3-BA7D910D7C0E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
    Task: {50C4023A-7224-4CFC-8B8C-9E992BF07C46} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
    Task: {60ED09E4-21ED-4284-BD94-B56B5445F06C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
    Task: {61A6298C-C5A6-4E7E-959E-9806761D8F52} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {6234BA77-1F21-43BB-A7B4-7F6BAC2F9E95} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
    Task: {7D0BCE0E-2AA6-43D5-A17F-A7092464969F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {8870958D-0116-4554-A336-A7F488D3F894} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
    Task: {B4F7B3A1-ECEF-4537-A904-64167A65B60A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
    Task: {D101EBF7-C2FC-4DB1-BFBA-677E875D7E04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {DA339F8F-747D-4D19-9E3A-D7BCF43C00D0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
    Task: {DF685200-EAE8-4F1D-9622-B4DD6999F9AF} - System32\Tasks\AliUpdater{026DBBFC-1CF5-4534-A7EC-0A9186E1F496} => C:\Program Files (x86)\AliWangWang\AliTask.exe [2017-08-04] (Alibaba software (Shanghai) Corporation.)
    Task: {EF7D4AEC-697B-43FC-B0EA-615CE4788CC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
    Task: {F1F82F19-F33F-4008-B0D4-776E7E11040B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {F4E76629-B0DF-4148-AC93-23FF626B11CF} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-12-25] (Google Inc.)
    Task: {F556E42E-42CF-44BA-A464-46A2FBBBE812} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-annew1128@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\AliUpdater{026DBBFC-1CF5-4534-A7EC-0A9186E1F496}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-19 04:58 - 2017-03-19 04:58 - 000125440 _____ () C:\WINDOWS\system32\HeatCore.dll
    2017-01-13 11:56 - 2017-01-13 11:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-02-28 11:53 - 2005-04-22 12:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
    2016-12-27 12:22 - 2016-12-08 01:15 - 000053352 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
    2016-01-30 21:18 - 2017-07-19 10:18 - 000494992 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
    2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-02-16 16:55 - 2016-01-22 13:55 - 000553136 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2017-03-19 04:59 - 2017-03-20 13:13 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-08-23 21:37 - 2017-08-23 21:37 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-08-23 21:37 - 2017-08-23 21:37 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-08-23 21:37 - 2017-08-23 21:37 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-08-23 21:37 - 2017-08-23 21:37 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000137104 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AliExternal.exe
    2017-08-26 13:25 - 2017-08-23 16:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
    2017-08-26 13:25 - 2017-08-23 16:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
    2017-09-14 10:11 - 2017-09-14 10:12 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-09-14 10:11 - 2017-09-14 10:12 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2017-09-14 10:11 - 2017-09-14 10:12 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
    2017-09-13 11:27 - 2017-09-13 11:27 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2017-09-13 11:27 - 2017-09-13 11:27 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-08-18 10:03 - 2017-08-18 10:05 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
    2017-08-18 10:03 - 2017-08-18 10:05 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2017-09-13 11:27 - 2017-09-13 11:27 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2017-08-18 10:03 - 2017-08-18 10:05 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2017-09-13 11:27 - 2017-09-13 11:27 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2017-06-22 09:49 - 2017-06-22 09:49 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-08-02 12:02 - 2017-08-02 14:27 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2017-08-18 10:03 - 2017-08-18 10:05 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2017-05-23 10:32 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-05-23 10:32 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-05-23 10:32 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-05-23 10:32 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-05-23 10:32 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 002668944 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000164752 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 001430416 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000189840 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000469392 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000676240 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000051600 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000392592 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000555408 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
    2016-01-30 21:18 - 2017-07-19 10:18 - 000109968 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
    2017-01-13 11:56 - 2017-01-13 11:56 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:45 - 2017-05-09 00:45 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-03-05 19:40 - 2016-03-05 19:40 - 000698152 _____ () C:\Users\user\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 002542480 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\prgbase.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 042131344 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\aef.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000286608 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\pcre.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000585616 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\uparams.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 008590736 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\prgnet.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000162192 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\PerfTrace.dll
    2014-07-03 20:36 - 2014-07-03 20:36 - 000322376 _____ () C:\Program Files (x86)\alipay\aliedit\5.1.0.3754\aliedit.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000063376 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\UpdateAssist.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000073104 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\zlib1.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000741264 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AppBiz.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000101264 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\jmsdk.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000094096 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AliOfflinePkgLoader.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000174992 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AliOfflinePkg.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000461200 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AliAuthSDK.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000108944 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AppModel.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000146320 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\uac.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000097168 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\httplib.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000191888 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\unrar.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 001388432 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AUTHSDKResource\collina.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000219536 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\DCSDK.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 005038992 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\imsdkbiz.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 006174096 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\imsdkmodel.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000161680 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\zlibwapi.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000445840 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\AppUI.dll
    2017-08-07 13:56 - 2017-08-04 19:31 - 000975760 _____ () C:\Program Files (x86)\AliWangWang\9.11.02C\libalisua.dll
    2017-09-18 15:31 - 2017-09-18 15:31 - 000098816 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32api.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000110080 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\pywintypes27.dll
    2017-09-18 15:31 - 2017-09-18 15:31 - 000364544 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\pythoncom27.dll
    2017-09-18 15:31 - 2017-09-18 15:31 - 000320512 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32com.shell.shell.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000914432 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_hashlib.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 001176576 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._core_.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000806400 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._gdi_.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000816128 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._windows_.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 001067008 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._controls_.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000733184 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._misc_.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000682496 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\pysqlite2._sqlite.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000088064 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_ctypes.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000686080 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\unicodedata.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000119808 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32file.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000108544 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32security.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000007168 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\hashobjs_ext.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000017920 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\thumbnails_ext.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000088064 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\usb_ext.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000012800 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\common.time34.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000018432 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32event.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000167936 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32gui.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000046080 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_socket.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 001303552 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_ssl.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000128512 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_elementtree.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000127488 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\pyexpat.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000038912 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32inet.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000036864 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_psutil_windows.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000524248 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\windows._lib_cacheinvalidation.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000011264 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32crypt.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000123392 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._wizard.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000077312 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._html2.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000027648 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_multiprocessing.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000020480 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\_yappi.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000035840 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32process.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000078848 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\wx._animate.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000024064 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32pipe.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000010240 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\select.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000025600 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32pdh.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000017408 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32profile.pyd
    2017-09-18 15:31 - 2017-09-18 15:31 - 000022528 ____R () C:\Users\user\AppData\Local\Temp\_MEI122282\win32ts.pyd
    2017-09-16 18:49 - 2017-09-15 05:41 - 000771392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2017-09-16 18:49 - 2017-09-15 05:41 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2015-12-29 16:22 - 2017-09-15 05:40 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2015-12-29 16:22 - 2017-09-15 05:43 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-09-16 18:49 - 2017-09-15 05:40 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2017-09-16 18:49 - 2017-09-15 05:41 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2015-12-29 16:22 - 2017-09-15 05:40 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-08-06 11:25 - 2017-09-15 05:43 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2017-09-16 18:49 - 2017-09-15 05:40 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2017-09-16 18:49 - 2017-09-15 05:41 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2015-12-29 16:22 - 2017-09-15 05:43 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-08-06 11:25 - 2017-09-15 05:43 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-09-09 09:56 - 2017-09-15 05:43 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
    2017-05-18 02:21 - 2017-09-15 05:43 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2015-12-29 16:22 - 2017-09-15 05:43 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2017-02-28 06:42 - 2017-09-15 05:43 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-01-24 13:32 - 2017-09-15 05:43 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2016-04-16 09:56 - 2017-09-15 05:43 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2017-01-24 13:32 - 2017-09-15 05:43 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-01-24 13:32 - 2017-09-15 05:43 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-01-24 13:32 - 2017-09-15 05:43 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2015-12-29 16:22 - 2017-09-15 05:40 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
    2016-02-18 13:59 - 2017-09-15 05:43 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-09-16 18:49 - 2017-09-15 05:41 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2017-09-16 18:49 - 2017-09-15 05:42 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2017-09-16 18:49 - 2017-09-15 05:41 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2017-09-16 18:49 - 2017-09-15 05:42 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-07-12 16:06 - 2017-09-15 05:43 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2017-09-16 18:49 - 2017-09-15 05:42 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2017-02-28 06:42 - 2017-09-15 05:43 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.pyd
    2016-08-06 11:25 - 2017-09-15 05:43 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-04-07 08:02 - 2017-09-15 05:43 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2017-09-16 18:49 - 2017-09-15 05:42 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2015-08-16 23:44 - 2015-08-16 23:44 - 000036160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2015-08-16 23:44 - 2015-08-16 23:44 - 000446272 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2015-08-16 23:44 - 2015-08-16 23:44 - 000116032 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7936 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 19:04 - 2017-05-23 12:36 - 000454548 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activation.acronis.com

    There are 15601 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "XeroxEndeavorBackgroundTask"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "5KPlayer.exe"
    HKLM\...\StartupApproved\Run32: => "ControlCenter4"
    HKLM\...\StartupApproved\Run32: => "BrStsMon00"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "pCloud"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "AshSnap"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "NETGEARGenie"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "Windscribe"
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\...\StartupApproved\Run: => "5KPlayer"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{90E19C34-B95C-40A3-9B44-C1C0A25A6D3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{984DC5BD-2B9C-49EA-B669-1957159A04C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{789C7B38-2355-42EB-867C-B25FE01A25C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BC16433D-1DB8-4118-8930-263CB48B93EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9EB091FE-6A94-4BA5-ABE5-E1F63A8CF55A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [UDP Query User{B05500FA-0516-4FAF-9A51-07E6FAAF59A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{A17C906A-41AD-4F04-A198-90A3CEB86D98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{AC8AF62D-9FA4-484D-B392-C1B6BE75964D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{69191855-C9AD-4675-83D5-2B55AA4825BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{05242365-57B9-4E66-96D9-B54C2D509132}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{C02DE494-D9C4-4BDC-B3D3-B110BD2BFE8C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [UDP Query User{43936E50-106C-4A21-AF4A-C74E9E295235}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
    FirewallRules: [TCP Query User{E7ED7117-2F11-436D-BDA4-1F7466FC2117}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
    FirewallRules: [{B800A77B-ED45-4DB8-9592-34A442E118E5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{973372F3-DC83-4DE6-92DD-32339FB9EF66}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [UDP Query User{E1D2872B-014C-452D-BD43-94AD057012F1}C:\users\user\desktop\airplayer.exe] => (Allow) C:\users\user\desktop\airplayer.exe
    FirewallRules: [TCP Query User{0D1E8758-5172-4EFC-9233-C19201442842}C:\users\user\desktop\airplayer.exe] => (Allow) C:\users\user\desktop\airplayer.exe
    FirewallRules: [{5B965328-1AE3-4A4D-BE13-7CC99BAA8FF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DE077EAC-E091-4BF9-8D81-7FA3A7738866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C224E750-1C36-4935-9A8D-61271EE53461}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0373AD70-D996-48FF-AB42-65921197A7ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4C579F8-7BFC-46EE-AEF0-661DDA1432F0}] => (Allow) LPort=54925
    FirewallRules: [{A80D5110-1D86-4860-95D5-88C7CB0C15D7}] => (Allow) C:\Program Files (x86)\Fuji Xerox\BRAdmin Light\BRAdmLight.exe
    FirewallRules: [{10135E52-1EA1-4C3F-BB05-9382B5A3DA85}] => (Block) C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
    FirewallRules: [{28ECED4E-E94F-41E4-8B98-687451BE096E}] => (Block) C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
    FirewallRules: [UDP Query User{6C0870F9-BB08-46F2-9C9F-BC968BE510E8}C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
    FirewallRules: [TCP Query User{1AD16F77-9E99-44C4-832B-23AB3B9B978D}C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\user\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
    FirewallRules: [{595CF718-81DA-4B0D-AE58-36D37FB74B13}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
    FirewallRules: [{1F1BA068-B611-4842-ACFE-D1A471A91407}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
    FirewallRules: [{10EDF30C-5AE8-4546-BE4C-6D756FF91223}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\baiduyunguanjia.exe
    FirewallRules: [{3AD5975D-8D4F-4CA8-B54D-A249E0C30A05}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\baiduyunguanjia.exe
    FirewallRules: [{7C25361F-FAF3-4651-8FFE-CFAA40E5A072}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\baiduyunguanjia.exe
    FirewallRules: [{B26F016A-0EA7-4E84-8C97-F4F688C10E6F}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\baiduyunguanjia.exe
    FirewallRules: [{64EDAA34-AFCD-4238-B3C5-9EF6F181BD39}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
    FirewallRules: [{5ABF6801-93C3-48E2-96FF-1DEFD3B0991D}] => (Allow) C:\Users\user\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
    FirewallRules: [UDP Query User{1E8DDFBC-432F-437A-B094-2708AA80328A}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
    FirewallRules: [TCP Query User{82A70278-9828-4AF8-83FA-C0F0DD80EA43}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
    FirewallRules: [{823FF87E-0BDC-4153-B30D-AA81D01B8629}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [{BFFC089B-C4CF-4F71-ADE1-392D5173B217}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [UDP Query User{8F815142-F3D1-45B3-AC7A-B5961003898F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [TCP Query User{4B0C440D-B139-4B04-938B-AAB0B7661B94}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
    FirewallRules: [{E8F1CC0D-97F4-4BFA-B1C9-258F301DD15B}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
    FirewallRules: [{9DFFEAF3-EDDB-449D-9B49-CC748C65159A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
    FirewallRules: [{7CEA199C-52B3-4214-9F5B-AAE3BFFA0E26}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
    FirewallRules: [{DC502E5D-61C8-4E97-85C5-9B85AB933449}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
    FirewallRules: [{60470330-EE08-42E5-8413-D8BD8E4C9A5F}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
    FirewallRules: [{CAC1166F-6C55-4132-B367-CE3CADD21C80}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
    FirewallRules: [{E03EBF6E-5A27-44ED-B7BC-71C10A268BFB}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
    FirewallRules: [{C19AC539-D69E-40EE-9935-DD51E8590056}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
    FirewallRules: [{01B8859F-BD48-448C-8C43-97516D6F03CB}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
    FirewallRules: [{3D5459E5-F1F5-4C74-99D5-20A026FB0441}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
    FirewallRules: [{EDB54F2F-9879-4578-90DF-7E2C6B1BDD32}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
    FirewallRules: [{FE661ABC-1EDE-48C2-8A8A-4558F1153824}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
    FirewallRules: [{E95C085A-7F72-47D9-AFD8-A49B927EA4BC}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
    FirewallRules: [{36956C2F-84DF-4B7B-80CC-EA20A6C16B1C}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
    FirewallRules: [{DBFAADE7-EC57-4A84-8EFC-AD615C6EF993}] => (Block) C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe
    FirewallRules: [{D1289C22-1FD3-4B3A-ADD5-8F74BF7FC8D8}] => (Block) C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe
    FirewallRules: [UDP Query User{67EF75A0-859D-4D83-B2AA-74E9F418C786}C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe] => (Allow) C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe
    FirewallRules: [TCP Query User{D9BB6878-BA9A-486D-ABBE-73E4E471CC42}C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe] => (Allow) C:\programdata\a-pdf\pub html5\previewflash\previewhtmlserver.exe
    FirewallRules: [{85BF9B03-F155-46E4-82D9-51BCDF1C2EFE}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe
    FirewallRules: [{50C2C138-C1B5-47B2-9AE0-515D2E3A626E}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe
    FirewallRules: [{2C2E22B5-DA23-4FA6-A43C-C1C73A24B6EA}] => (Allow) C:\Program Files (x86)\pCloud Drive\pCloud.exe
    FirewallRules: [{6604E945-3979-48A9-918A-D182A38677B3}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [{83D8EFB1-438A-444F-9C79-564CE6AFDF78}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [UDP Query User{AA7D904C-0918-431A-A180-38A20A1B76C1}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [TCP Query User{6D0D734C-A4DE-45B7-916E-A61ED0BDAC9B}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [{7BE20346-7CC2-4255-9EC6-1A90E8C10351}] => (Allow) C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe
    FirewallRules: [{0FFE3366-AB2D-406B-99FA-B109152C26C5}] => (Allow) C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe
    FirewallRules: [UDP Query User{1889E9C0-6E01-469C-A754-928372206398}C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe] => (Allow) C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe
    FirewallRules: [TCP Query User{EAFCD3D2-42C9-46AD-829E-E59D3F222BBA}C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe] => (Allow) C:\users\user\appdata\roaming\thinksky\itools\plugin\airplayer.exe
    FirewallRules: [{BB5E4144-E4AC-4039-ABD8-C2E5DC4F66A4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
    FirewallRules: [{3BB072E2-2D55-470B-826D-EC17058C965D}] => (Allow) C:\Users\user\Downloads\iToolsSetup_3.3.0.6.exe
    FirewallRules: [{CF1628E9-A02A-4A04-A233-E823574CD451}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
    FirewallRules: [{CF652C0F-7030-471D-9568-9D37DAA3DA81}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
    FirewallRules: [{6B53A3E5-C9ED-4EA7-9E6E-ABE2C8DAB498}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
    FirewallRules: [{142D7D7F-5370-42F5-BAF1-FB0D840328A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
    FirewallRules: [{BB3981C6-FF02-4951-8D47-F30EFEC5B18E}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
    FirewallRules: [{F713D065-9282-4A7A-B392-A304AFDBC174}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
    FirewallRules: [{78C126EC-B9C2-4FB2-8D3E-5B221CDA3611}] => (Allow) C:\users\user\downloads\airplayer\airplayer\airplayer.exe
    FirewallRules: [{E0BA5EA8-4AF7-4853-A3FB-1088C1313A2A}] => (Allow) C:\users\user\downloads\airplayer\airplayer\airplayer.exe
    FirewallRules: [UDP Query User{18940AFF-1029-4731-9A12-1C9EC79641FC}C:\users\user\downloads\airplayer\airplayer\airplayer.exe] => (Allow) C:\users\user\downloads\airplayer\airplayer\airplayer.exe
    FirewallRules: [TCP Query User{AF7DFBC5-90DF-4ECC-A1F0-4A6614282AAC}C:\users\user\downloads\airplayer\airplayer\airplayer.exe] => (Allow) C:\users\user\downloads\airplayer\airplayer\airplayer.exe
    FirewallRules: [{A7CF3E5F-B46E-48F4-A8A5-91485941C0FE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{139147B9-6D03-415E-9E36-7C520B630308}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{DC09D471-8A51-4DCA-8643-00CB67C3D3FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{22CC49EC-FE4D-48B9-8804-B3528EBB502D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{0F5C6A8D-8B7B-40D2-9748-FA542EE308A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{3FF5CF87-FEE5-4D42-BED9-DBB1B95A35F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{3B748706-DD75-41B3-A9E8-2139470C5CF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [UDP Query User{739F3C43-1343-45BE-8F63-7DDEC44D4E51}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [TCP Query User{F66AA2B7-9709-4011-A017-D9C009FF4858}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{45BB0AE0-7B80-4856-A218-AF163687D20F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9C4083B6-D1FE-4533-BF7F-67AD6CF6F4BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{77CE9329-12EF-4BA9-89DA-481E77622AA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{221A1D8B-F0CC-48A0-8B7D-B13C0740FF31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{778D7F3C-3914-4868-923B-668953B566D5}] => (Allow) C:\Users\user\Downloads\iToolsSetup_3.3.0.2.exe
    FirewallRules: [{07710D1A-271E-4F8D-97E6-4E5C0B5DD122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{92064896-92D8-4019-8D37-5976E5AA1A71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{099575A6-C5FE-4F5B-A45C-F18F5EFCF4D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{BF1CD87E-E22F-4A51-BE95-5673E79B05BB}C:\users\user\google 雲端硬碟\說明書\tp-link wifi extender\powerline utility\powerline scan\powerline scan.exe] => (Allow) C:\users\user\google 雲端硬碟\說明書\tp-link wifi extender\powerline utility\powerline scan\powerline scan.exe
    FirewallRules: [UDP Query User{C6392426-36FD-40D8-B13B-4144A8A8BBDC}C:\users\user\google 雲端硬碟\說明書\tp-link wifi extender\powerline utility\powerline scan\powerline scan.exe] => (Allow) C:\users\user\google 雲端硬碟\說明書\tp-link wifi extender\powerline utility\powerline scan\powerline scan.exe
    FirewallRules: [{49139F99-62B2-4862-B5E6-96A2C0951358}] => (Allow) C:\Program Files (x86)\DrayTek\Smart VPN Client\SmartVPNClient.exe
    FirewallRules: [{0A68710D-2C86-42D8-A949-EA8FEC405ECB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-09-2017 10:49:40 Windows Update
    18-09-2017 11:59:37 清除了HKU\S-1-5-21 後

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/18/2017 03:33:30 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe" 的啟用內容產生失敗。資訊清單或原則檔 "" 的第 行發生錯誤。
    應用程式所需的元件版本和另一個使用中的元件版本衝突。
    衝突的元件為:
    元件 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest。
    元件 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest。

    Error: (09/18/2017 03:32:07 PM) (Source: SideBySide) (EventID: 75) (User: )
    Description: "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的啟用內容產生失敗。在資訊清單或原則檔 "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的第 2 行發生錯誤。
    在資訊清單中不允許多個 requestedPrivileges 元素。

    Error: (09/18/2017 02:41:14 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe" 的啟用內容產生失敗。資訊清單或原則檔 "" 的第 行發生錯誤。
    應用程式所需的元件版本和另一個使用中的元件版本衝突。
    衝突的元件為:
    元件 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest。
    元件 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest。

    Error: (09/18/2017 02:40:25 PM) (Source: SideBySide) (EventID: 75) (User: )
    Description: "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的啟用內容產生失敗。在資訊清單或原則檔 "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的第 2 行發生錯誤。
    在資訊清單中不允許多個 requestedPrivileges 元素。

    Error: (09/18/2017 01:43:30 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe" 的啟用內容產生失敗。資訊清單或原則檔 "" 的第 行發生錯誤。
    應用程式所需的元件版本和另一個使用中的元件版本衝突。
    衝突的元件為:
    元件 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest。
    元件 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest。

    Error: (09/18/2017 01:42:19 PM) (Source: SideBySide) (EventID: 75) (User: )
    Description: "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的啟用內容產生失敗。在資訊清單或原則檔 "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的第 2 行發生錯誤。
    在資訊清單中不允許多個 requestedPrivileges 元素。

    Error: (09/18/2017 12:41:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
    Description: 透過 https://IFX-KeyId-40b8682b8d18450a2b...lates/Aik/scep 為 WORKGROUP\DESKTOP-C7E41P4$ 執行的「SCEP 憑證」註冊初始化失敗:

    GetCACaps

    方法: GET(78ms)
    階段: GetCACaps
    無法解析伺服器名稱或位址 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

    Error: (09/18/2017 10:04:47 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe" 的啟用內容產生失敗。資訊清單或原則檔 "" 的第 行發生錯誤。
    應用程式所需的元件版本和另一個使用中的元件版本衝突。
    衝突的元件為:
    元件 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest。
    元件 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest。

    Error: (09/18/2017 10:03:47 AM) (Source: SideBySide) (EventID: 75) (User: )
    Description: "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的啟用內容產生失敗。在資訊清單或原則檔 "c:\program files (x86)\thinksky\itools 3\DrvInst.exe" 的第 2 行發生錯誤。
    在資訊清單中不允許多個 requestedPrivileges 元素。

    Error: (09/17/2017 07:11:34 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: DLL "C:\Windows\System32\bitsperf.dll" 的服務 "BITS" 的開啟程序失敗。這個服務的效能資料將無法使用。Data 區段的前四個位元組 (DWORD) 包含錯誤碼。


    System errors:
    =============
    Error: (09/18/2017 03:30:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: 應用程式特定 權限設定無法將含有 CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    與 APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    之 COM 伺服器應用程式的 本機 啟用 權限授與來自位址 LocalHost (使用 LRPC) (在應用程式容器 無法使用 SID (無法使用) 中執行) 的使用者 NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19)。您可以使用元件服務系統管理工具修改此安全性權限。

    Error: (09/18/2017 03:30:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: 應用程式特定 權限設定無法將含有 CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    與 APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    之 COM 伺服器應用程式的 本機 啟用 權限授與來自位址 LocalHost (使用 LRPC) (在應用程式容器 無法使用 SID (無法使用) 中執行) 的使用者 NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19)。您可以使用元件服務系統管理工具修改此安全性權限。

    Error: (09/18/2017 03:29:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: SDWSCService 服務無法啟動,因為下列錯誤:
    與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

    Error: (09/18/2017 03:29:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: CldFlt 服務無法啟動,因為下列錯誤:
    不支援這個要求。

    Error: (09/18/2017 03:29:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: Acronis Sync Agent Service 服務在接收到關機前控制之後未正確關機。

    Error: (09/18/2017 02:39:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: 應用程式特定 權限設定無法將含有 CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    與 APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    之 COM 伺服器應用程式的 本機 啟用 權限授與來自位址 LocalHost (使用 LRPC) (在應用程式容器 無法使用 SID (無法使用) 中執行) 的使用者 NT AUTHORITY\SYSTEM SID (S-1-5-18)。您可以使用元件服務系統管理工具修改此安全性權限。

    Error: (09/18/2017 02:38:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: 應用程式特定 權限設定無法將含有 CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    與 APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    之 COM 伺服器應用程式的 本機 啟用 權限授與來自位址 LocalHost (使用 LRPC) (在應用程式容器 無法使用 SID (無法使用) 中執行) 的使用者 NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19)。您可以使用元件服務系統管理工具修改此安全性權限。

    Error: (09/18/2017 02:38:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: 應用程式特定 權限設定無法將含有 CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    與 APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    之 COM 伺服器應用程式的 本機 啟用 權限授與來自位址 LocalHost (使用 LRPC) (在應用程式容器 無法使用 SID (無法使用) 中執行) 的使用者 NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19)。您可以使用元件服務系統管理工具修改此安全性權限。

    Error: (09/18/2017 02:38:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: SDWSCService 服務無法啟動,因為下列錯誤:
    與目前的系統時鐘或簽署檔案的時間戳記核對時,所需的憑證不在有效日期內。

    Error: (09/18/2017 02:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: CldFlt 服務無法啟動,因為下列錯誤:
    不支援這個要求。


    CodeIntegrity:
    ===================================
    Date: 2017-09-18 16:12:15.365
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 16:12:15.363
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 16:12:15.344
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 16:12:15.342
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 16:11:10.107
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-09-18 16:11:10.104
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-09-18 16:09:04.170
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 16:09:04.169
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-18 15:51:08.877
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-09-18 15:51:08.875
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6650U CPU @ 2.20GHz
    Percentage of memory in use: 33%
    Total physical RAM: 16309.11 MB
    Available physical RAM: 10853.72 MB
    Total Virtual: 18741.11 MB
    Available Virtual: 13438.44 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:474.03 GB) (Free:298.07 GB) NTFS
    Drive g: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS
    Drive i: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS
    Drive m: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS
    Drive p: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS
    Drive s: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS
    Drive y: () (Network) (Total:1860.26 GB) (Free:1717.76 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: EB3BCA0A)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Start Farbar Recovery Scan Tool (Please double-click on FRST/FRST64) with Administrator privileges
    or Right click on the FRST icon and select Run as administrator

    Right-click/highlight the text below, beginning with Start:: and finishing with End::, and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    2017-09-15 17:55 - 2017-09-15 17:55 - 000382760 _____ (Splashtop Inc.) C:\Users\user\AppData\Local\Temp\SetupUtil.exe
    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

    ******

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going to the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.

    ~~

    Malwarebytes AdwCleaner
    • Please download Malwarebytes AdwCleaner and save the file to your Desktop
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.

    please post
    Fixlog.txt
    Malwarebytes Anti-Malware log
    AdwCleaner.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Sep 2017
    Posts
    10


    Thank you very much for your reply!

    The following are the results for each step:

    1) FRST

    Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
    Ran by user (20-09-2017 10:28:38) Run:1
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available Profiles: user)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    2017-09-15 17:55 - 2017-09-15 17:55 - 000382760 _____ (Splashtop Inc.) C:\Users\user\AppData\Local\Temp\SetupUtil.exe
    CustomCLSID: HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    C:\Users\user\AppData\Local\Temp\SetupUtil.exe => moved successfully
    HKU\S-1-5-21-3992126083-2723911071-3783806095-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} => key removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => key removed successfully
    HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found.
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key removed successfully
    HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found.
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.

    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14027386 B
    Java, Flash, Steam htmlcache => 19580 B
    Windows/system/drivers => 3560481 B
    Edge => 6962530 B
    Chrome => 676040274 B
    Firefox => 446112292 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 57067345 B
    NetworkService => 0 B
    user => 368594202 B

    RecycleBin => 350680 B
    EmptyTemp: => 1.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 10:35:52 ====

    2) Malwarebytes Anti-Malware

    The interface is slightly different from what you described.

    Under Setting, I went to "Protection" (there is no "Detection and Protection"),
    and under PUP and PUM, I selected "Always detect PUPs and PUMs (recommended)"
    and then still under Setting\Protection, I selected "Automatically Quarantine Detected Items" (no Advanced Setting option available)

    And after scanning, I selected "Quarantine Selected" (no "Apply" button available).
    And it did not prompt me to reboot.

    The Report is as follows:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 9/20/17
    Scan Time: 10:46 AM
    Log File: e297c158-9dad-11e7-a565-b4ae2bdfb13e.json
    Administrator: Yes

    -Software Information-
    Version: 3.2.2.2029
    Components Version: 1.0.188
    Update Package Version: 1.0.2845
    License: Trial

    -System Information-
    OS: Windows 10 (Build 15063.608)
    CPU: x64
    File System: NTFS
    User: DESKTOP-C7E41P4\user

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 410565
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 1 min, 35 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 1
    PUP.Optional.DriverAssist, HKLM\SOFTWARE\DriverAssist, Quarantined, [1574], [346513],1.0.2845

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

    3) Malwarebytes AdwCleaner

    # AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 03:11:26 2017
    # Updated on 2017/29/08 by Malwarebytes
    # Running on Windows 10 Pro (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Deleted: pcas
    Deleted: secbizsrv


    ***** [ Folders ] *****

    Deleted: C:\Program Files (x86)\DriverToolkit
    Deleted: C:\Users\user\AppData\Local\DriverToolkit
    Deleted: C:\ProgramData\Tencent
    Deleted: C:\ProgramData\Application Data\Tencent
    Deleted: C:\Program Files (x86)\Common Files\Tencent
    Deleted: C:\Users\All Users\Tencent
    Deleted: C:\Users\user\AppData\Roaming\Tencent


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{595CF718-81DA-4B0D-AE58-36D37FB74B13}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1F1BA068-B611-4842-ACFE-D1A471A91407}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{10EDF30C-5AE8-4546-BE4C-6D756FF91223}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3AD5975D-8D4F-4CA8-B54D-A249E0C30A05}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7C25361F-FAF3-4651-8FFE-CFAA40E5A072}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B26F016A-0EA7-4E84-8C97-F4F688C10E6F}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{64EDAA34-AFCD-4238-B3C5-9EF6F181BD39}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5ABF6801-93C3-48E2-96FF-1DEFD3B0991D}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3BB072E2-2D55-470B-826D-EC17058C965D}
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{778D7F3C-3914-4868-923B-668953B566D5}
    Deleted: [Key] - HKU\S-1-5-21-3992126083-2723911071-3783806095-1001\Software\DriverToolkit
    Deleted: [Key] - HKCU\Software\DriverToolkit
    Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pinyin.sogou.com
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shouji.sogou.com
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sogou.com
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pinyin.sogou.com
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shouji.sogou.com
    Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sogou.com


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    SearchProvider deleted: AOL 搜尋 - slirsredirect.search.aol.com


    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [5476 B] - [2017/9/20 2:55:47]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Thank you for the heads-up on MBAM.


    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~

    Emsisoft Emergency Kit

    Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
    1. After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    2. The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
    3. When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
    4. When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
    5. When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    6. Please save the log in Notepad on your desktop and post the contents in your next reply.
    7. When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


    please post
    JRT.txt
    Emsisoft log


    How is your computer now?
