1. #1

    Unhappy infected win 10

    my pc is heavily infected to the extent that i notice some weird things on my eset sometimes
    and both it and malwarebytes antimalware found no infection they stated it as "clean"..

    the biggest issue is with my favorite browser that seems to be the most infected thing in this computer
    my Firefox browser.. no matter how many times i "REINSTALL" it or "REST" it to factory settings..
    i still feel that it is infected..
    proof: it is the only browser that shows up this massage:
    http://i.imgur.com/1me1KgP.png
    on any "https" site.. it appears from time to time.. and only WITH THIS BROWSER.
    if not, it appears broken(black and white; only black text with a white background, no images, no scripts, no colors)
    i guess that my alt pc's current state is hopeless q_q
    it has been like that for months
    help will be greatly appreciated..

    LOGS:

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
    Ran by ali (administrator) on ALI-PC (06-06-2016 04:04:57)
    Running from C:\Users\ali\Desktop
    Loaded Profiles: ali (Available Profiles: ali)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.20961.0_x64__8wekyb3d8bbwe\Video.UI.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe




    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
    HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [771912 2015-11-21] (Kingsoft Corporation)
    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\...\MountPoints2: {bd7eb6d3-cb85-11e5-ac17-902b342550a4} - "H:\VZW_Software_upgrade_assistant.exe"
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-08-19]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-05-28]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 41.128.225.225 41.128.225.226 192.168.1.1
    Tcpip\..\Interfaces\{7d51bef2-afb5-47d4-8021-28be573c65e4}: [DhcpNameServer] 41.128.225.225 41.128.225.226 192.168.1.1


    Internet Explorer:
    ==================
    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ye1.org/
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)


    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-3590428581-3526703336-596877012-1000 -> hxxp://www.ye1.org/


    FireFox:
    ========
    FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\vb1j5ulj.default-1455993501314
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-30] ()
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-30] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
    FF HKU\S-1-5-21-3590428581-3526703336-596877012-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found


    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.aden-today.net/"
    CHR Profile: C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12]
    CHR Extension: (Google Drive) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12]
    CHR Extension: (YouTube) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
    CHR Extension: (Adblock Plus) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-03]
    CHR Extension: (Google Search) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
    CHR Extension: (Google Sheets) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12]
    CHR Extension: (Google Docs Offline) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Flatbook) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-06-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
    CHR Extension: (Gmail) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>


    ==================== Services (Whitelisted) ========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    S4 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-11-21] (Kingsoft Corporation)
    S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-11-21] (EasyAntiCheat Ltd)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-05-25] (ESET)
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
    S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]


    ===================== Drivers (Whitelisted) ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
    R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-18] (ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
    R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
    R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-18] (ESET)
    R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-18] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-18] (ESET)
    S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-11-21] (Kingsoft Corporation)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2016-05-16] (Malwarebytes Corporation)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-04-30] (Zemana Ltd.)
    U4 aspnet_state; no ImagePath
    S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
    U3 wpcsvc; no ImagePath
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]


    ========================== Drivers MD5 =======================


    C:\Windows\System32\drivers\1394ohci.sys DF1C3D7E6C7929AD83BE22852B5B08CB
    C:\Windows\System32\drivers\3ware.sys 2C5B3035B86770ADD2FE9BFBAF5B35A4
    C:\Windows\System32\drivers\ACPI.sys 469441BAE3FF8A16826FC62C51EF5E18
    C:\Windows\System32\Drivers\acpiex.sys 7EADED8087C392876521F7EBCE846EF4
    C:\Windows\System32\drivers\acpipagr.sys C498887123327CDFD73A05E7A2780920
    C:\Windows\System32\drivers\acpipmi.sys C8DBE6EFFCF014CAA010B9BDDAC833EC
    C:\Windows\System32\drivers\acpitime.sys 17039DBEB3B7B9ADCDB4B4533AA9771F
    C:\Windows\System32\drivers\ADP80XX.SYS F7D0CD345D2DA42E7042ABCD73662403
    C:\Windows\system32\drivers\afd.sys 70148EFA9A562E7185B75BBE7D376BF7
    C:\Windows\System32\drivers\agp440.sys 870F1A2C936F92B5D053DF7EC75B352F
    C:\Windows\System32\DRIVERS\ahcache.sys 3DF7751D5DC6525E7DC6617FBB45054F
    C:\Windows\System32\drivers\amdk8.sys B70F0F2F54B4A4DB6E9C830454752F5A
    C:\Windows\System32\drivers\amdppm.sys 35E890482C9728DD5C552B85DA8A5AB2
    C:\Windows\System32\drivers\amdsata.sys 5B30BCFE6E02E45D3EE268FF001BC5E0
    C:\Windows\System32\drivers\amdsbs.sys F20B30F35A5C7888441B4DCA001ECF8E
    C:\Windows\System32\drivers\amdxata.sys AFE838D7576C581D6483529621AB10CC
    C:\Windows\System32\drivers\appid.sys EDDB0D726DBECDFC1DBCC6DB464E5A13
    C:\Windows\System32\drivers\arcsas.sys E3FE8F610B1CC12BC3B2E6BC43DC97E2
    C:\Windows\System32\drivers\aswTap.sys E4ABC023E251D2BB6B98C9FCAF5CF16D
    C:\Windows\System32\drivers\asyncmac.sys 5E00748A1AD246CAECBBB7553BED36CC
    C:\Windows\System32\drivers\atapi.sys 492B99D2E3D5D7BFD5F0AE1BE7BD37DD
    C:\Windows\System32\drivers\athwnx.sys F1F16542AC6404DDC44A447A875AD13A
    C:\Windows\System32\drivers\bxvbda.sys 6447BA6FA709514B6C803D159B4C7D1E
    C:\Windows\System32\drivers\BasicDisplay.sys B4AC08B1D04D0CE085435E5CD0E663C5
    C:\Windows\System32\drivers\BasicRender.sys 25B5BB369DEE2BAE4BF459C978FF9035
    C:\Windows\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810
    C:\Windows\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393
    C:\Windows\System32\Drivers\Beep.sys 5A88834AEE15D97695FAE0837B73B3E4
    C:\Windows\System32\DRIVERS\bowser.sys DA2C6F7ACE392193C424FEA975C5BFFB
    C:\Windows\System32\drivers\BthAvrcpTg.sys CAEC7BC11AF69A181AF7932E636E09E4
    C:\Windows\System32\drivers\BthEnum.sys A0718F7B48F08347800FB29844A6AF91
    C:\Windows\System32\drivers\bthhfenum.sys 5F2B4B32E986C058525D3BA2A475A16C
    C:\Windows\System32\drivers\BthHFHid.sys 5406289E8AE2CB52FC408154E0A64BA7
    C:\Windows\System32\drivers\bthmodem.sys A76F20CCCA31895A1DA78A875E50F946
    C:\Windows\System32\drivers\bthpan.sys 09C3DB1B137B269A822F941D867A6BB6
    C:\Windows\System32\drivers\BTHport.sys A289FE26F5D8B5121D84DDEE6241CC26
    C:\Windows\System32\drivers\BTHUSB.sys 281439D412441B2A39B63D20EE3E5D88
    C:\Windows\System32\drivers\buttonconverter.sys BF89BDBA5D3A0B4256D3F6FC8D31880D
    C:\Windows\System32\drivers\capimg.sys C24C27FDF93B85A4EFCF25F830253AA2
    C:\Windows\System32\DRIVERS\cdfs.sys 7F9C7226D743B232907ED2537B8A574F
    C:\Windows\System32\drivers\cdrom.sys 82D97776BF982AA143BDC7DFB5054EA8
    C:\Windows\System32\drivers\circlass.sys 0505C1D991D0F9D47F3353BB98597C7E
    C:\Windows\System32\drivers\CLFS.sys 8B4B39C507ABA09AAFE8E3932D1B392C
    C:\Windows\System32\drivers\CmBatt.sys 95832B049E2833B9F5189823CDF946C7
    C:\Windows\System32\Drivers\cng.sys 3B866F8CB10719A5AF9E410B1B149714
    C:\Windows\System32\DRIVERS\cnghwassist.sys 58D640BC2294C71BDE0953F12D4B432F
    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys 14F9883588398A1BDE49C75098C75DE6
    C:\Windows\System32\drivers\condrv.sys 02B8E49148DE5E0A2F6FDF28CE94A6AC
    C:\Windows\System32\drivers\dam.sys 2619DC483579DB9FE804044C1ADFFD1A
    C:\Windows\System32\Drivers\dfsc.sys 935823F79CBEDB91637B63D37E3A5A36
    C:\Windows\system32\DRIVERS\ssudbus.sys 85137571AEC8AC757D497B9DD30D544D
    C:\Windows\System32\drivers\disk.sys 4904B152E4942BF700F2D73228B4D477
    C:\Windows\System32\drivers\dmvsc.sys 0197AE4B9790A4E73751CACFAA480126
    C:\Windows\System32\drivers\drmkaud.sys 25FA06D3B49D6ADF8E874FFCDCD76B50
    C:\Windows\System32\drivers\dxgkrnl.sys 48D8729FACC784900B831212AE56F824
    C:\Windows\System32\DRIVERS\eamonm.sys B4B52D2D4976FB06C53DCC6F476EAE2F
    C:\Windows\System32\drivers\evbda.sys 491275B864B704B54EC08168344E0F38
    C:\Windows\System32\DRIVERS\eelam.sys 86F4D86CD3ABBD75EB578A91C403FF93
    C:\Windows\system32\DRIVERS\ehdrv.sys 2072E5C612C0C178A1E725433EB4E7EB
    C:\Windows\System32\drivers\EhStorClass.sys CEF108FCE06892CFA5F1B49527D4BF49
    C:\Windows\System32\drivers\EhStorTcgDrv.sys 5B1EAAE3001A7A320C106FC3859F4111
    C:\Windows\system32\DRIVERS\ekbdflt.sys 70350E9D75CE4479AA1A046887F11519
    C:\Windows\system32\DRIVERS\epfw.sys D0268AFCBE7E16A30D4C7A0D91526BD1
    C:\Windows\system32\DRIVERS\EpfwLWF.sys 6B19C4B37E06E275D9AE54F06B1DEAAA
    C:\Windows\System32\DRIVERS\epfwwfp.sys 75815E12D7B8209BD26E8DC4E6708A4F
    C:\Windows\System32\drivers\errdev.sys 7A2705148A4BB3CA255F81624338B461
    C:\Windows\System32\Drivers\exfat.sys DFE8A33FBCF6F38182631A4D6097B92D
    C:\Windows\System32\Drivers\fastfat.sys C330883C06E2D4CE4F6982F048265D37
    C:\Windows\System32\drivers\fdc.sys 9D299AE86D671488926126A84DF77BFD
    C:\Windows\System32\drivers\filecrypt.sys 8F2523C9D8F1448FF2156452AF60FA00
    C:\Windows\System32\drivers\fileinfo.sys 92ECCFA58C8195B8EA33ED942469D4E6
    C:\Windows\System32\drivers\filetrace.sys 87C51FDD50C17882BA93E28BBABB9847
    C:\Windows\System32\drivers\flpydisk.sys E99261DD76D1C9E05AF575939CAE5AC5
    C:\Windows\System32\drivers\fltmgr.sys 25D7A58625E1453E40D36825DE74E4F1
    C:\Windows\System32\drivers\FsDepends.sys B4175E8BE60B099686FF55CA7D692316
    C:\Windows\System32\Drivers\Fs_Rec.sys CC71372CEB811A72F1DC99089C5CBF53
    C:\Windows\System32\DRIVERS\fvevol.sys 50DFE05C698E9B0A63D95E3D669A105C
    C:\Windows\System32\drivers\gagp30kx.sys B9981A4CB9F728B3312A3885BFAA7204
    C:\Windows\System32\drivers\vmgencounter.sys 77555B11B264991DDC26872FFCF1AB97
    C:\Windows\System32\drivers\genericusbfn.sys F3AC9652D88BF87BA6596CBEA28CE10F
    C:\Windows\System32\Drivers\msgpioclx.sys F802FBABF0C4DF1BAA733187B2E476F5
    C:\Windows\System32\drivers\gpuenergydrv.sys D011B0ADB15F4815310CE1BF4780B33E
    C:\Windows\system32\DRIVERS\HdAudio.sys 0F93EBE9071A6BB1548BF0F816EEA24B
    C:\Windows\System32\drivers\HDAudBus.sys 84BC034B6BB763733C1949B7B9BAF976
    C:\Windows\System32\drivers\HidBatt.sys 6B8CB114B8E64C0636EB49F7B914D1FC
    C:\Windows\System32\drivers\hidbth.sys D1AD197CCDAAC0CB4819DA1D6EB17BAE
    C:\Windows\System32\drivers\hidi2c.sys 64909DECCFCC6FB5D9A5BAFDCCB31FEE
    C:\Windows\System32\drivers\hidinterrupt.sys F510F7B7BF61DEAAC04E65C3B65E8D59
    C:\Windows\System32\drivers\hidir.sys 90F3ED42D423C942BA5EA54E2FFE7AC7
    C:\Windows\System32\drivers\hidusb.sys 128DEDDD61915DBA4D451D91D21F0513
    C:\Windows\System32\drivers\HpSAMD.sys FF442DCDCE1F6E9FAA9C8AD0CD1D199B
    C:\Windows\System32\drivers\HTTP.sys 63C3F74DC398A1C1A77E39DFB9C312CA
    C:\Windows\System32\drivers\hwpolicy.sys CBA5E88A0F0475B7F49653BB72150BEF
    C:\Windows\System32\drivers\hyperkbd.sys D668FAB4B0397B426EE3D41683B9A1C0
    C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F
    C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E
    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
    C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
    C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208
    C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796
    C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723
    C:\Windows\system32\DRIVERS\igdkmd64.sys 83915E05E168AB63B48302F7DC5D8E00
    C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A
    C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701
    C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07
    C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D
    C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310
    C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469
    C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01
    C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE
    C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E
    C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2
    C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8
    C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6
    C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048
    C:\Windows\system32\drivers\ksapi64.sys 6968FC608A61791C13CEFE6C8496CBD2
    C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1
    C:\Windows\System32\Drivers\ksecpkg.sys 7D8B9214692C4D0F1646215D9984E19A
    C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5
    C:\Windows\System32\drivers\L1C63x64.sys 4E444F41E69BBE2E0BAE34D5DFCB5732
    C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B
    C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E
    C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5
    C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB
    C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18
    C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275
    C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys E9CD058C79EA15B4AA93E259FA713B07
    C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03
    C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3
    C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E
    C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C
    C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA
    C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D
    C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF
    C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64
    C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C
    C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA
    C:\Windows\system32\drivers\mrxdav.sys BF6CA7EA5ECD6CF72D3D76652A9B8280
    C:\Windows\System32\DRIVERS\mrxsmb.sys 0B3B0C1D86050355676640488FA897D3
    C:\Windows\System32\DRIVERS\mrxsmb10.sys 1A490555FD330CA2764D89191177C867
    C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC
    C:\Windows\System32\drivers\bridge.sys A4411C522D41707D5BCA817A5BB9E30B
    C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F
    C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F
    C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC
    C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432
    C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C
    C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2
    C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334
    C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526
    C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683
    C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8
    C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF
    C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC
    C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083
    C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F
    C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B
    C:\Windows\System32\DRIVERS\nwifi.sys AA4CD20708B7E0412A5316D7E2875103
    C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F
    C:\Windows\System32\drivers\ndis.sys E582DA849A58524E645545FB68B6625D
    C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008
    C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92
    C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC
    C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA
    C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984
    C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
    C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
    C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE
    C:\Windows\System32\drivers\Ndu.sys D358DF634F52247CB43F0781218F4D6E
    C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4
    C:\Windows\System32\DRIVERS\netbt.sys F51C02D992A8D6BC5EC4D990F227D4C7
    C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1
    C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797
    C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC
    C:\Windows\System32\Drivers\NTFS.sys 19BD8A88AAC580592668B070AC0727D9
    C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE
    C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF
    C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107
    C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1
    C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C
    C:\Windows\System32\drivers\partmgr.sys 24AC0FD10325FBC2303B29A5F237AEB0
    C:\Windows\System32\drivers\pci.sys CFFE69B6C276A3418687109EA8AC9E7D
    C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F
    C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB
    C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229
    C:\Windows\System32\drivers\pdc.sys 67B9684B8272D5EBD1CCBB1DBD425EC8
    C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A
    C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF
    C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED
    C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17
    C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5
    C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806
    C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021
    C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D
    C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289
    C:\Windows\System32\drivers\rasl2tp.sys E3C82823B22463BC38AA4F8ADA852624
    C:\Windows\System32\DRIVERS\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922
    C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29
    C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9
    C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0
    C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010
    C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F
    C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837
    C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490
    C:\Windows\System32\drivers\rfcomm.sys AEEF76F938188EBF27DF70C1806877F2
    C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059
    C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509
    C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD
    C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D
    C:\Windows\system32\drivers\ScreamingBAudio64.sys 8B56BDCE6A303DDE63D63440D1CF9AD1
    C:\Windows\System32\drivers\sdbus.sys B24408471C1BCB17FC44F5B47EA8DEA3
    C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13
    C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35
    C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824
    C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C
    C:\Windows\System32\drivers\serial.sys 249A563C48DFD9E42A37587653E003BB
    C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6
    C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251
    C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23
    C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98
    C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583
    C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71
    C:\Windows\System32\DRIVERS\srv.sys ACC1709EC7FE6EB8999DBC91C50C2B34
    C:\Windows\System32\DRIVERS\srv2.sys AFBCFC946FAE7483E27BD316D03F94A5
    C:\Windows\System32\DRIVERS\srvnet.sys 107C1EBE79710E4A759449BD6604245A
    C:\Windows\system32\DRIVERS\ssudmdm.sys 36C3697CA09B23C77BDF95A6B0B57310
    C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5
    C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84
    C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73
    C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB
    C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895
    C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9
    C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581
    C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613
    C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76
    C:\Windows\System32\drivers\tcpip.sys 083A727D784009F9CCFB120C7841B7AF
    C:\Windows\System32\drivers\tcpip.sys 083A727D784009F9CCFB120C7841B7AF
    C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85
    C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D
    C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0
    C:\Windows\System32\drivers\tpm.sys 169B0A246067457FEF8A18EED7EED9D5
    C:\Windows\System32\drivers\TsUsbFlt.sys 48E828C66AB016E48F2CB4DD585315FD
    C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE
    C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6
    C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69
    C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985
    C:\Windows\System32\Drivers\UcmCx.sys 82D3B1F4D80057826AA649D78147DE36
    C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C
    C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B
    C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD
    C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C
    C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136
    C:\Windows\System32\drivers\ufx01000.sys 28B8E1C6CBCF9FFE2FABFF3160C26ADF
    C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13
    C:\Windows\System32\drivers\ufxsynopsys.sys 2A87EA182EA333D79AA0B03833EA67F2
    C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5
    C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4
    C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A
    C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90
    C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB
    C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD
    C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
    C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3
    C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB
    C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200
    C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
    C:\Windows\System32\drivers\UsbHub3.sys E7463CE8579A0418A98BE9BE42C647D7
    C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
    C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
    C:\Windows\System32\drivers\usbser.sys 4AAD6547953D373A1EB5B2DF583D868B
    C:\Windows\System32\drivers\USBSTOR.SYS 8949F77132A4F8F3BA17C6727099F002
    C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
    C:\Windows\System32\drivers\USBXHCI.SYS 9E9D58F5E1702955B2F4D62996F80E8E
    C:\Windows\System32\drivers\usb8023x.sys FECB9A2BDE6DB505C346490C3746FEEA
    C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
    C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
    C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
    C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
    C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
    C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
    C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
    C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
    C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
    C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
    C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
    C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
    C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
    C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
    C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
    C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
    C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
    C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
    C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
    C:\Windows\system32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
    C:\Windows\System32\DRIVERS\wdiwifi.sys 2BC2E99623119521EEF7910A11D0FDE0
    C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
    C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
    C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4
    C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
    C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
    C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
    C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
    C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
    C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
    C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
    C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
    C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1
    C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
    C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
    C:\Windows\System32\drivers\WudfRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
    C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
    C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
    C:\Windows\System32\drivers\xboxgip.sys F279536122B83FD0D8E158AA753E1B7C
    C:\Windows\System32\drivers\xinputhid.sys DA0807D87A62D076C29C4E30F1E84F46
    C:\WINDOWS\System32\drivers\zamguard64.sys 97FB225914D1C3F29D38703A22AB494D


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-06-06 04:04 - 2016-06-06 04:05 - 00034637 _____ C:\Users\ali\Desktop\FRST.txt
    2016-06-06 04:03 - 2016-06-06 04:04 - 00000000 ____D C:\FRST
    2016-06-06 03:42 - 2016-06-06 03:42 - 00898560 _____ C:\Users\ali\Desktop\RGSA.exe
    2016-06-06 03:41 - 2016-06-06 03:42 - 02384896 _____ (Farbar) C:\Users\ali\Desktop\FRST64.exe
    2016-06-06 03:14 - 2016-06-06 03:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1465175694
    2016-06-06 03:14 - 2016-06-06 03:14 - 00001204 _____ C:\Users\Public\Desktop\Opera.lnk
    2016-06-06 03:14 - 2016-06-06 03:14 - 00001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2016-06-06 03:13 - 2016-06-06 03:15 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-06-06 03:09 - 2016-06-06 03:13 - 00922496 _____ (Opera Software) C:\Users\ali\Downloads\OperaSetup.exe
    2016-05-31 20:40 - 2016-06-01 00:21 - 00000000 ____D C:\Users\ali\AppData\Roaming\Apple Computer
    2016-05-31 20:40 - 2016-05-31 20:40 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\Users\ali\AppData\Local\Apple Computer
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\Program Files\iTunes
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\Program Files\iPod
    2016-05-31 20:40 - 2016-05-31 20:40 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-05-31 20:39 - 2016-05-31 20:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-05-31 20:39 - 2016-05-31 20:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2016-05-31 20:39 - 2016-05-31 20:39 - 00000000 ____D C:\Users\ali\AppData\Local\Apple
    2016-05-31 20:39 - 2016-05-31 20:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-05-31 20:38 - 2016-05-31 20:40 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-05-31 20:38 - 2016-05-31 20:39 - 00000000 ____D C:\ProgramData\Apple
    2016-05-31 20:38 - 2016-05-31 20:38 - 00000000 ____D C:\Program Files\Bonjour
    2016-05-31 20:38 - 2016-05-31 20:38 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2016-05-31 18:18 - 2016-05-31 20:37 - 170490696 _____ (Apple Inc.) C:\Users\ali\Downloads\iTunes6464Setup.exe
    2016-05-30 21:06 - 2016-05-30 21:06 - 00025278 _____ C:\Users\ali\Downloads\download_youtube_videos_as_mp4-1.8.7-sm+fx.xpi
    2016-05-30 21:03 - 2016-05-30 21:03 - 00097981 _____ C:\Users\ali\Downloads\youtube_flash_video_player-46.0-sm+fx.xpi
    2016-05-30 21:03 - 2016-05-30 21:03 - 00005899 _____ C:\Users\ali\Downloads\youtube_html5_player-1.10-fx.xpi
    2016-05-30 21:01 - 2016-05-30 21:01 - 00032003 _____ C:\Users\ali\Downloads\youtube_html5_video-0.7.1-fx.xpi
    2016-05-30 20:54 - 2016-05-30 20:54 - 00085786 _____ C:\Users\ali\Downloads\1_click_youtube_video_download-2.4.0.4-sm+fx (1).xpi
    2016-05-30 20:49 - 2016-05-30 20:49 - 00085786 _____ C:\Users\ali\Downloads\1_click_youtube_video_download-2.4.0.4-sm+fx.xpi
    2016-05-30 19:24 - 2016-05-30 19:24 - 00121760 _____ C:\Users\ali\Downloads\xenForo-AR (1).zip
    2016-05-28 21:40 - 2016-05-28 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-05-28 21:40 - 2016-05-28 21:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-05-28 13:50 - 2016-05-28 13:50 - 00121760 _____ C:\Users\ali\Downloads\xenForo-AR.zip
    2016-05-27 21:10 - 2016-05-27 21:10 - 00000000 ____D C:\Users\ali\AppData\Roaming\.mono
    2016-05-27 09:36 - 2016-05-27 09:36 - 00001250 _____ C:\Users\Public\Desktop\Hearthstone.lnk
    2016-05-27 09:36 - 2016-05-27 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
    2016-05-27 09:01 - 2016-05-27 09:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
    2016-05-27 08:49 - 2016-05-28 06:40 - 00000000 __SHD C:\found.000
    2016-05-26 21:06 - 2016-05-31 01:06 - 00000000 ____D C:\Users\ali\AppData\Local\Battle.net
    2016-05-26 20:42 - 2016-05-30 22:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-05-26 20:42 - 2016-05-26 21:06 - 00000000 ____D C:\Users\ali\AppData\Roaming\Battle.net
    2016-05-26 20:38 - 2016-05-26 20:42 - 03204592 _____ (Blizzard Entertainment) C:\Users\ali\Downloads\Hearthstone-Setup (1).exe
    2016-05-25 15:47 - 2016-05-25 15:48 - 00000000 ____D C:\Users\ali\AppData\Local\tkdata
    2016-05-25 15:46 - 2016-06-02 20:10 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2016-05-25 15:46 - 2016-05-25 15:46 - 00001225 _____ C:\Users\Public\Desktop\True Key.lnk
    2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\TrueKey
    2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\Program Files\Intel Security
    2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\Program Files\Intel
    2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\Program Files\Common Files\Intel
    2016-05-25 15:45 - 2016-06-04 21:05 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-05-25 15:45 - 2016-05-27 02:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2016-05-25 15:45 - 2016-05-25 15:45 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-05-25 15:33 - 2016-06-04 21:04 - 00000000 ____D C:\Program Files\TrueKey
    2016-05-25 15:33 - 2016-05-29 16:01 - 00000000 ____D C:\ProgramData\McAfee
    2016-05-25 15:33 - 2016-05-28 21:40 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-05-25 15:33 - 2016-05-25 15:33 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2016-05-25 15:31 - 2016-05-30 21:31 - 00000000 ____D C:\Users\ali\AppData\Local\Adobe
    2016-05-24 15:12 - 2016-05-24 15:12 - 06513888 _____ (Tim Kosse) C:\Users\ali\Downloads\FileZilla_3.17.0.1_win64-setup.exe
    2016-05-22 15:12 - 2016-06-04 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-05-22 03:40 - 2016-05-22 03:40 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2016-05-22 03:40 - 2016-05-22 03:40 - 00000000 ____D C:\Users\ali\AppData\LocalLow\Google
    2016-05-22 03:38 - 2016-05-22 03:38 - 00987728 _____ (Google Inc.) C:\Users\ali\Downloads\GoogleEarthSetup.exe
    2016-05-22 03:33 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-22 03:33 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-05-22 03:33 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-22 03:33 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-22 03:33 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-22 03:33 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-05-22 03:33 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-22 03:33 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-22 03:33 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-05-22 03:33 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-22 03:33 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-05-22 03:33 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-05-22 03:33 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-22 03:33 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-22 03:33 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-05-22 03:33 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-22 03:33 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2016-05-22 03:33 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-22 03:33 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-05-22 03:33 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-22 03:33 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-05-22 03:33 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-22 03:33 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-05-22 03:33 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-05-22 03:33 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-22 03:33 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-05-22 03:33 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-22 03:33 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-22 03:33 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-22 03:33 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-05-22 03:33 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-05-22 03:33 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-05-22 03:33 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-05-22 03:33 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-05-22 03:33 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-05-22 03:33 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-05-22 03:33 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-05-22 03:33 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-05-22 03:33 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-05-22 03:33 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-05-22 03:33 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-05-22 03:33 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-05-22 03:33 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-05-22 03:33 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-05-22 03:33 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-05-22 03:33 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-05-22 03:33 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-05-22 03:33 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-05-22 03:32 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-22 03:32 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-05-22 03:32 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-22 03:32 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-22 03:32 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-22 03:32 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-22 03:32 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-22 03:32 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-22 03:32 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-22 03:32 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-22 03:32 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-22 03:32 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-22 03:32 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-05-22 03:32 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-05-22 03:32 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-22 03:32 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-22 03:32 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-22 03:32 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-22 03:32 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-22 03:32 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-22 03:32 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-22 03:32 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-05-22 03:32 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-05-22 03:32 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-05-22 03:32 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-05-22 03:32 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-05-22 03:32 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-22 03:32 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-22 03:32 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-22 03:32 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-22 03:32 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-22 03:32 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-22 03:32 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-22 03:32 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-22 03:32 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-05-22 03:32 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-22 03:32 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-05-22 03:32 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-05-22 03:32 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-05-22 03:32 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-05-22 03:32 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-22 03:32 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-05-22 03:32 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-22 03:32 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-05-22 03:32 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-22 03:32 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-22 03:32 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-22 03:32 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-22 03:32 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-05-22 03:32 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-22 03:32 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-05-22 03:32 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-22 03:32 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-05-22 03:32 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-22 03:32 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-22 03:32 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-22 03:32 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-22 03:32 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-05-22 03:32 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-05-22 03:32 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-22 03:32 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-05-22 03:32 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-22 03:32 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-22 03:32 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-22 03:32 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-22 03:32 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-22 03:32 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-22 03:32 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-22 03:32 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-22 03:32 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-22 03:32 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-22 03:32 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-22 03:32 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-22 03:32 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-22 03:32 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-22 03:32 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-22 03:32 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-22 03:32 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2016-05-22 03:32 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-05-22 03:32 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-05-22 03:32 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-22 03:32 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-22 03:32 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-22 03:32 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-22 03:32 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-05-22 03:32 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-05-22 03:32 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-05-22 03:32 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-22 03:32 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-22 03:32 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-22 03:32 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-22 03:32 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-05-22 03:32 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-22 03:32 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-05-22 03:32 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-22 03:32 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-22 03:32 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-05-22 03:32 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-22 03:32 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-22 03:32 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-22 03:32 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-22 03:32 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-22 03:32 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-05-22 03:32 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-22 03:32 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-22 03:32 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-22 03:32 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-05-22 03:32 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-05-22 03:32 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-22 03:32 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-22 03:32 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-22 03:32 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-05-22 03:32 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-05-22 03:32 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-22 03:32 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-05-22 03:32 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-05-22 03:32 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-22 03:32 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-05-22 03:32 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-05-22 03:32 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-22 03:32 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-22 03:32 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-05-22 03:32 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-05-22 03:32 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-05-22 03:32 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-22 03:32 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-05-22 03:32 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-05-22 03:32 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-05-22 03:32 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-05-22 03:32 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-05-22 03:32 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-05-22 03:32 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-05-22 03:32 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-05-22 03:32 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-05-22 03:32 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-22 03:32 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-22 03:32 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-22 03:32 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-05-22 03:32 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-05-22 03:32 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-22 03:32 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-05-22 03:32 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-05-22 03:32 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-05-22 03:32 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-05-22 03:32 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-22 03:32 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-22 03:32 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-22 03:32 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-22 03:32 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-05-22 03:32 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-22 03:32 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-22 03:32 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-05-22 03:32 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-05-22 03:32 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-05-22 03:32 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-05-22 03:32 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-05-22 03:32 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-05-22 03:32 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2016-05-22 03:32 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-05-22 03:32 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-05-22 03:32 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-05-22 03:32 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-05-22 03:32 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-05-22 03:32 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-05-22 03:32 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-05-22 03:32 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-05-22 03:32 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-05-22 03:32 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-05-22 03:32 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-05-22 03:32 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-05-22 03:32 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-05-22 03:32 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-05-22 03:32 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-05-22 03:32 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-05-22 03:32 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-05-22 03:32 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-05-22 03:32 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-05-22 03:32 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-05-22 03:32 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-05-22 03:32 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-05-22 03:32 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-05-22 03:32 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-05-22 03:32 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-05-22 03:32 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-05-22 03:32 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-05-22 03:32 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-05-22 03:32 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
    2016-05-22 03:32 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-05-22 03:32 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-05-22 03:32 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
    2016-05-22 03:32 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
    2016-05-22 03:32 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-05-22 03:32 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
    2016-05-22 03:32 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-05-22 03:32 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-05-22 03:32 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-05-22 03:32 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-05-22 03:32 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-05-22 03:32 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-05-22 03:32 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-05-22 03:32 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-05-22 03:32 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-05-22 03:32 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-05-22 03:32 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-05-22 03:32 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-05-22 03:32 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-05-22 03:32 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-05-22 03:32 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-05-22 03:32 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-05-22 03:32 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-05-22 03:32 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-05-22 03:32 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-05-22 03:32 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2016-05-22 03:32 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-05-22 03:32 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-05-22 03:32 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-05-22 03:32 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-05-22 03:32 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-05-22 03:32 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-05-22 03:32 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-05-22 03:32 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-05-22 03:32 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-05-22 03:32 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-05-22 03:32 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-05-22 03:32 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-05-22 03:32 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-05-22 03:32 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-05-22 03:32 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-05-22 03:32 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-05-22 03:32 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-05-22 03:32 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-05-22 03:32 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-05-22 03:32 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-05-22 03:32 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-05-22 03:32 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-05-22 03:32 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-05-22 03:32 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-05-22 03:32 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-05-22 03:32 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-22 03:32 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-05-22 03:32 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-05-22 03:32 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
    2016-05-22 03:32 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2016-05-22 03:32 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-05-22 03:32 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
    2016-05-22 03:32 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-05-22 03:32 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-05-22 03:32 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-05-22 03:32 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-05-22 03:32 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-05-22 03:32 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-05-22 03:32 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-05-22 03:32 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2016-05-22 03:32 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
    2016-05-22 03:32 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-05-22 03:32 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2016-05-22 03:32 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-05-22 03:32 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-05-22 03:32 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-05-22 03:32 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-05-22 03:32 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-05-22 03:32 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2016-05-22 03:32 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-05-22 03:32 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
    2016-05-22 03:32 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2016-05-22 03:32 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-05-22 03:32 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-05-22 03:32 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-05-22 03:32 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-05-22 03:32 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-05-22 03:32 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-05-22 03:32 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-05-22 03:32 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-05-22 03:32 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-05-22 03:32 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-05-22 03:32 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-05-22 03:32 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-05-22 03:32 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2016-05-22 03:32 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2016-05-22 03:32 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2016-05-22 03:32 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-05-22 03:32 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-05-22 03:32 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
    2016-05-22 03:32 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-05-22 03:32 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-22 03:32 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-05-22 03:32 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-05-22 03:32 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2016-05-22 03:32 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2016-05-22 03:32 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-05-22 03:32 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-05-22 03:32 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2016-05-22 03:32 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-05-22 03:32 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-05-22 03:32 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-05-22 03:32 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-05-22 03:32 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-05-22 03:32 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-05-22 03:32 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-05-22 03:32 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-05-22 03:32 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-05-22 03:32 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-05-22 03:32 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-05-22 03:32 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-05-22 03:32 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2016-05-22 03:32 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-05-22 03:32 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-05-22 03:32 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2016-05-22 03:32 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2016-05-22 03:32 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-05-22 03:32 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-05-22 03:32 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-05-22 03:32 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-05-22 03:32 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-05-22 03:32 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-05-22 03:32 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-05-22 03:32 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-05-22 03:32 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-05-22 03:32 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-05-22 03:32 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-05-22 03:32 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-05-22 03:32 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-05-22 03:32 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-05-22 03:32 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-05-22 03:32 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-05-22 03:32 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-05-22 03:32 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-05-22 03:32 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-05-22 03:32 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2016-05-22 03:32 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-05-19 19:56 - 2016-05-19 19:56 - 00000860 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1b1f7c168cfdd.job
    2016-05-16 15:59 - 2016-05-16 15:59 - 00000000 ____D C:\Users\ali\AppData\Local\ActiveSync
    2016-05-16 15:48 - 2016-05-16 15:48 - 00097830 _____ C:\Users\ali\Documents\هارد دسك[Converted].xps
    2016-05-16 15:47 - 2016-05-16 15:48 - 00097038 ____T C:\Users\ali\Documents\هارد دسك.oxps


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-06-06 03:53 - 2016-02-12 20:48 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-06 03:15 - 2016-04-29 23:11 - 00000000 ____D C:\Users\ali\AppData\Local\Opera Software
    2016-06-06 03:14 - 2016-04-29 23:11 - 00000000 ____D C:\Users\ali\AppData\Roaming\Opera Software
    2016-06-06 03:12 - 2016-03-02 16:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-06-05 22:10 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
    2016-06-05 22:09 - 2016-02-12 20:48 - 00000860 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-05 17:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-06-05 10:12 - 2016-02-05 01:01 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{28AD0CDA-F890-4378-918C-2C25A3B72713}
    2016-06-05 03:20 - 2015-12-23 10:37 - 00000000 ____D C:\Users\ali
    2016-06-04 22:02 - 2016-02-07 15:55 - 00000000 ____D C:\Users\ali\AppData\Local\CrashDumps
    2016-06-04 21:09 - 2015-12-23 10:48 - 00948082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-06-04 21:05 - 2015-12-23 10:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-04 21:04 - 2016-04-30 00:00 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2016-06-04 17:46 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-03 20:16 - 2015-08-19 15:36 - 00000000 ____D C:\Users\ali\AppData\Roaming\vlc
    2016-06-01 19:36 - 2016-02-20 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-05-30 20:30 - 2016-02-20 21:27 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-05-30 20:30 - 2016-02-20 21:27 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-05-30 19:31 - 2015-08-19 15:32 - 00000000 ____D C:\Users\ali\AppData\Roaming\FileZilla
    2016-05-27 08:34 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-26 17:09 - 2015-08-20 04:39 - 00000600 _____ C:\Users\ali\AppData\Local\PUTTY.RND
    2016-05-25 15:45 - 2015-11-21 19:17 - 00000000 ____D C:\ProgramData\Package Cache
    2016-05-24 15:43 - 2015-08-19 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2016-05-24 15:43 - 2015-08-19 15:32 - 00000000 ____D C:\Program Files\FileZilla FTP Client
    2016-05-24 08:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-24 07:56 - 2015-09-23 02:36 - 00000000 ____D C:\Users\ali\AppData\Local\ElevatedDiagnostics
    2016-05-22 13:44 - 2015-12-23 10:45 - 00000000 ____D C:\Users\ali\AppData\Local\Packages
    2016-05-22 13:29 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-22 13:20 - 2015-12-23 10:46 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-22 13:17 - 2015-10-30 11:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-22 13:17 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-05-22 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-22 10:37 - 2015-08-19 02:56 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-22 10:32 - 2015-08-19 02:56 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-22 03:58 - 2016-02-12 20:50 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-22 03:58 - 2016-02-12 20:50 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-05-22 03:40 - 2016-02-12 20:48 - 00000000 ____D C:\Program Files (x86)\Google
    2016-05-16 16:00 - 2016-04-30 00:39 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2016-05-16 15:57 - 2016-04-30 00:00 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-05-16 15:56 - 2016-04-29 23:10 - 00000000 ____D C:\Program Files (x86)\Opera beta
    2016-05-16 15:56 - 2016-01-14 14:59 - 00000000 ____D C:\Users\ali\AppData\Roaming\DMCache
    2016-05-16 15:55 - 2016-04-30 00:00 - 00023268 _____ C:\WINDOWS\ZAM.krnl.trace
    2016-05-16 15:54 - 2016-02-07 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-16 15:52 - 2016-02-07 03:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-16 15:44 - 2016-02-07 03:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl


    ==================== Files in the root of some directories =======


    2015-08-20 04:39 - 2016-05-26 17:09 - 0000600 _____ () C:\Users\ali\AppData\Local\PUTTY.RND


    ==================== Bamital & volsnap =================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    ==================== BCD ================================


    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume2
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {70ef647b-a9a3-11e5-9655-e812555bd899}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30


    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \WINDOWS\system32\winload.exe
    description Windows 10
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {8884496b-a9a3-11e5-9655-e812555bd899}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \WINDOWS
    resumeobject {70ef647b-a9a3-11e5-9655-e812555bd899}
    nx OptIn
    bootmenupolicy Standard


    Windows Boot Loader
    -------------------
    identifier {8884496b-a9a3-11e5-9655-e812555bd899}
    device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{8884496c-a9a3-11e5-9655-e812555bd899}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{8884496c-a9a3-11e5-9655-e812555bd899}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes


    Windows Boot Loader
    -------------------
    identifier {aebb45c4-4656-11e5-a3ac-cba67935fc22}
    device ramdisk=[C:]\Recovery\aebb45c4-4656-11e5-a3ac-cba67935fc22\Winre.wim,{aebb45c5-4656-11e5-a3ac-cba67935fc22}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\aebb45c4-4656-11e5-a3ac-cba67935fc22\Winre.wim,{aebb45c5-4656-11e5-a3ac-cba67935fc22}
    systemroot \windows
    nx OptIn
    winpe Yes


    Resume from Hibernate
    ---------------------
    identifier {70ef647b-a9a3-11e5-9655-e812555bd899}
    device partition=C:
    path \WINDOWS\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {8884496b-a9a3-11e5-9655-e812555bd899}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No


    Resume from Hibernate
    ---------------------
    identifier {aebb45c2-4656-11e5-a3ac-cba67935fc22}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No


    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume2
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes


    EMS Settings
    ------------
    identifier {emssettings}
    bootems No


    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200


    RAM Defects
    -----------
    identifier {badmemory}


    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}


    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}


    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200


    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}


    Device options
    --------------
    identifier {8884496c-a9a3-11e5-9655-e812555bd899}
    description Windows Recovery
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi


    Device options
    --------------
    identifier {aebb45c5-4656-11e5-a3ac-cba67935fc22}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\aebb45c4-4656-11e5-a3ac-cba67935fc22\boot.sdi


    Device options
    --------------
    identifier {aebb45c6-4656-11e5-a3ac-cba67935fc22}
    description Windows Setup
    ramdisksdidevice partition=C:
    ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi






    LastRegBack: 2016-06-02 07:58


    ==================== End of FRST.txt ============================

    Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
    Ran by ali (2016-06-06 04:05:57)
    Running from C:\Users\ali\Desktop
    Windows 10 Home Version 1511 (X64) (2015-12-23 08:45:37)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-3590428581-3526703336-596877012-500 - Administrator - Disabled)
    ali (S-1-5-21-3590428581-3526703336-596877012-1000 - Administrator - Enabled) => C:\Users\ali
    DefaultAccount (S-1-5-21-3590428581-3526703336-596877012-503 - Limited - Disabled)
    Guest (S-1-5-21-3590428581-3526703336-596877012-501 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Creatures Of Darkness (x32 Version: 4.4.21 - Screaming Bee Inc.) Hidden
    Creatures of Darkness Voices for MorphVOX (HKLM-x32\...\{419acd1c-8046-48fe-8479-38e08a250ecf}) (Version: 4.4.21 - Screaming Bee Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
    Fantasy Voices (x32 Version: 4.4.21 - Screaming Bee Inc.) Hidden
    Fantasy Voices for MorphVOX (HKLM-x32\...\{08087054-1ff5-42aa-861d-36e1cb73f208}) (Version: 4.4.21 - Screaming Bee Inc.)
    FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse)
    Galactic Voices (x32 Version: 4.4.21 - Screaming Bee Inc.) Hidden
    Galactic Voices for MorphVOX (HKLM-x32\...\{b22615eb-d6b2-4a28-befe-cb70bc95aac7}) (Version: 4.4.21 - Screaming Bee Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.1.137.1 - Intel Security)
    iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MorphVOX Pro (HKLM-x32\...\{92547d9e-8090-47f8-bd14-54ad87e9d617}) (Version: 4.4.32.18617 - Screaming Bee)
    MorphVOX Pro (x32 Version: 4.4.32.18617 - Screaming Bee) Hidden
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    Opera Stable 37.0.2178.54 (HKLM-x32\...\Opera 37.0.2178.54) (Version: 37.0.2178.54 - Opera Software)
    Paint Shop Pro 5.0 (HKLM-x32\...\Paint Shop Pro 5.0) (Version: - )
    Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time) <==== ATTENTION
    Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
    Sci-Fi Voices (x32 Version: 4.4.21 - Screaming Bee Inc.) Hidden
    Sci-Fi Voices for MorphVOX (HKLM-x32\...\{eb6fd951-9f83-4a2f-8815-14052e628d89}) (Version: 4.4.21 - Screaming Bee Inc.)
    Soulbringer (HKLM-x32\...\Steam App 283310) (Version: - Infogames Europe SA)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    بريد Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    دعم تطبيقات Apple‏ (32 بت) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    دعم تطبيقات Apple‏ (64 بت) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    معرض الصور (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-3590428581-3526703336-596877012-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {04EB08C6-241A-4BB4-8A0C-B64B4B09A4D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {172C2AEE-0CB2-47AF-BC32-3B7DBA0FAFA2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {1B6F99A8-ECE5-4EF6-A87B-CCBCBF60824C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-30] (Adobe Systems Incorporated)
    Task: {1C76E95B-E38A-4786-9A8A-E4D71F9B48E9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {2F6AF8D9-0445-4128-BF40-1CEAA0C2FBF3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {304C4E33-4D83-4B44-B9BB-87CAFAA1FE9D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {37B825C7-04EA-4E7F-8BCA-80D503083F5F} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {3A154BC8-9770-451C-8EF0-17FEDD748172} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {3AAD942D-629D-4680-BC13-57B2F0255CED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3B756C52-E6F7-4D7A-959F-0725A434A86E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
    Task: {3C09DB83-89FF-4A96-ABBB-845E606CD48A} - \Microsoft\Windows\Setup\xtgt\refreshxtgtconfig -> No File <==== ATTENTION
    Task: {3F58ED8A-E10F-414E-BAA5-2056E96D00ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {405311DA-D4F1-4240-8F89-26159C7B472F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {41232D43-3FC0-44A9-ACC8-CAC793ACCF86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {4DE9A0EF-168C-47EA-9C44-2D691278FBA1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-05-22] (Microsoft Corporation)
    Task: {4F8FA9B4-A082-4EFD-884F-2C2B9C51EE25} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {5098B26C-2B2D-4473-88CC-C6F511F43FA7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {5CA6959E-1762-4FE9-AFC1-0FF6BD546FDF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {6010BA14-4059-4FC4-BF5B-8B1CD4FE39FA} - System32\Tasks\Opera scheduled Autoupdate 1465175694 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-30] (Opera Software)
    Task: {7219A89A-11DC-4297-B5D7-AE05D5B8EEF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {727DEDE0-3EFB-4614-A926-FB925A6E1CA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {742C488A-432E-4E5A-9163-4E100AA610F3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {75DDC7A3-EBD0-4261-8B84-4083E08325DB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {79459FFC-6654-4470-B224-34A0A8DC6812} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7E41AA3B-C8CB-44D5-AC02-BE6F8695AF4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {8671488D-4BD0-406E-88E0-9FF3C832E8D0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {8D353910-A28D-4BF7-9D85-EF93BCBE964B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {96C0B460-8618-4692-BCA1-CC10B70EE776} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {9B7DFAE5-89FB-4220-AF25-38DE07B3C2AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
    Task: {A298A1CF-F63C-4124-94E1-9F4E5BE8F6EC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {D0E3C5E5-C259-4E04-9CF1-B474C8FDE69C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {DDCCA35B-6A81-43F9-8B9D-C03C169D4C10} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {DE0E3A69-2057-42B0-8E4E-4F350A845A06} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E248301B-7374-44D9-8A0D-4FAB21EB6C72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {E46D30F8-5B86-471A-9D02-4B0375859C7A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {E48A2FAA-2970-48A9-989A-FF1855B8EAAC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {E5E5114C-D9D6-4FD7-93EF-7D6F0471CC85} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E65DAE61-7016-46ED-AAAF-8F48CFB2633B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {EDCE1D7D-A462-4D7E-99F3-AF40645BBCCE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F5F8DC8D-E438-4CD3-9A49-6404ADFF2233} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F8BCBF60-1CC0-47CF-9CDE-CD8AE919732B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {FE3531FE-7A08-488C-9AF9-49BF0457076A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1b1f7c168cfdd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-22 03:33 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-22 03:33 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2015-12-25 13:57 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-22 03:33 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-04-29 22:00 - 2016-04-29 22:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-06-03 18:35 - 2016-06-03 18:35 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-06-03 18:35 - 2016-06-03 18:35 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-06-03 18:35 - 2016-06-03 18:35 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2016-03-06 14:18 - 2016-03-06 14:20 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-05-22 03:32 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-22 03:32 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-22 03:32 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-22 03:32 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-29 22:00 - 2016-04-29 22:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-29 22:00 - 2016-04-29 22:02 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-14 04:34 - 2016-05-28 21:40 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts




    0.0.0.1 mssplus.mcafee.com


    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
    DNS Servers: 41.128.225.225 - 41.128.225.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: cmcore => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: Update service => 2
    HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
    HKLM\...\StartupApproved\Run32: => "cmsc"
    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3590428581-3526703336-596877012-1000\...\StartupApproved\Run: => "Steam"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{2BD759E7-95F9-4663-8EF7-796D8D95A9DE}] => (Allow) D:\Steam\steamapps\common\Robocraft\Robocraft.exe
    FirewallRules: [{270F548E-E4B7-4CBC-8C08-55C87F6F7B39}] => (Allow) D:\Steam\steamapps\common\Robocraft\Robocraft.exe
    FirewallRules: [{55E6A834-BB39-4FC8-9FF2-DF3750048126}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{95D01CA2-1741-4F18-96BD-A13D5528B884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DF956610-158D-45C2-B5CC-12298B29A9E5}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{CFFD4EE8-9E52-4DA0-AC74-87672F990202}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{C4833D20-4436-482D-A1D4-1CC0EB5705D3}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{640E634A-6DF6-4098-9F3F-04B8BA0C68FD}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{47EA09EC-A3D8-4D0F-9869-54675EDA872B}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C64A0A4B-70EC-423C-96B1-6B0D5895C7EB}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FF08EEB2-5D84-4DF5-9346-1D374DD1643B}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{1B78D5BB-F44E-4BE3-9048-126704881E23}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{480F75DF-6011-422B-BA32-99FB6E818AF1}] => (Allow) LPort=1900
    FirewallRules: [{1ADDE917-950C-4952-946F-4E4498174132}] => (Allow) LPort=2869
    FirewallRules: [{E448DECE-25C9-4BEF-9A7D-44BB8646D1F4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{F62D5694-5719-4F93-ACCD-8DF855522CEF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DD68685B-AB9F-4030-9AC3-47BFF605FD92}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{B782D784-4623-40C5-A652-9437E394058A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{530AEAA7-C246-4D13-8ED9-B980F83FB954}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{5E1CA1D1-B896-4073-826B-19F68455BAC9}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{C24EB144-5696-4502-8919-86B88C5AFC4D}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{369C1213-8382-4193-BF78-D0D44D82D5AD}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{325742BE-D0C0-4C6A-8D58-ACCFEF128823}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D36BFF30-3862-450A-B41F-DBD4ED2E3F75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{84402CA4-E7C8-42AF-8873-7AA7ECC011F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF468313-8BFE-4A67-BB92-035D7F2C0F31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{98FF9C66-5CFF-458F-837F-636AC8F413A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{45295117-76BC-4275-B115-09040C39A4D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe


    ==================== Restore Points =========================


    05-06-2016 22:25:45 Scheduled Checkpoint


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (06/06/2016 04:06:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:05:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:04:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:03:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:02:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:01:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 04:00:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 03:59:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 03:58:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


    Error: (06/06/2016 03:57:00 AM) (Source: ESENT) (EventID: 476) (User: )
    Description: svchost (1364) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2441216 (0x0000000000254000) (database page 595 (0x253)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.




    System errors:
    =============
    Error: (06/06/2016 03:43:42 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:43:42 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


    Error: (06/06/2016 03:15:06 AM) (Source: DCOM) (EventID: 10016) (User: ali-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ali-PCaliS-1-5-21-3590428581-3526703336-596877012-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742




    CodeIntegrity:
    ===================================
    Date: 2016-05-31 21:03:30.611
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-23 13:39:57.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-22 13:29:12.649
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-22 13:26:44.616
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-22 13:20:24.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-03-11 18:02:33.131
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-03-10 14:33:36.290
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-03-02 08:51:32.815
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-03-01 22:56:52.515
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-02-11 20:41:48.604
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 33%
    Total physical RAM: 3836.49 MB
    Available physical RAM: 2554.23 MB
    Total Virtual: 4732.49 MB
    Available Virtual: 3260.32 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:97.56 GB) (Free:64.25 GB) NTFS
    Drive d: () (Fixed) (Total:195.21 GB) (Free:89.8 GB) NTFS
    Drive e: () (Fixed) (Total:195.31 GB) (Free:156.35 GB) NTFS
    Drive f: () (Fixed) (Total:195.31 GB) (Free:89.21 GB) NTFS
    Drive g: () (Fixed) (Total:248.01 GB) (Free:208.35 GB) NTFS
    Drive h: () (Fixed) (Total:465.76 GB) (Free:465.56 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1EF24EC2)
    Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
    Partition 2: (Not Active) - (Size=97.6 GB) - (Type=42)
    Partition 3: (Active) - (Size=100 MB) - (Type=42)
    Partition 4: (Not Active) - (Size=833.8 GB) - (Type=42)


    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39A413CA)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

    Shortcut.txt:

    Users shortcut scan result (x64) Version:05-06-2016 02
    Ran by ali (2016-06-06 04:06:31)
    Running from C:\Users\ali\Desktop
    Boot Mode: Normal


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)










    Shortcut: C:\Users\ali\Links\Desktop.lnk -> C:\Users\ali\Desktop ()
    Shortcut: C:\Users\ali\Links\Downloads.lnk -> C:\Users\ali\Downloads ()
    Shortcut: C:\Users\ali\Desktop\PSP - Shortcut.lnk -> C:\Program Files (x86)\Paint Shop Pro 5\PSP.EXE (Jasc Software, Inc.)
    Shortcut: C:\Users\ali\Desktop\Start Tor Browser.lnk -> C:\Users\ali\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\ali\Desktop\Tor Browser\Start Tor Browser.lnk -> C:\Users\ali\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Smart Security.lnk -> C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ali\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\ali\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
    Shortcut: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\ali\Documents ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\ali\Downloads ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\ali\Music ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\ali\Pictures ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\ali\Videos ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\ali ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk -> C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exe (Adobe Systems Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk -> C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe (Adobe Systems, Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Steam\Steam.exe (Valve Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee\MorphVOX Pro\MorphVOX Pro.lnk -> D:\Morphvox\MorphVOXPro.exe (Screaming Bee)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time Uninstall.lnk -> C:\Program Files (x86)\Popcorn Time\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk -> C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware إلغاء تثبيت.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\حول iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\ar.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe (Tim Kosse)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk -> C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master\Uninst Clean Master.lnk -> C:\Program Files (x86)\cmcm\Clean Master\uni0nst.exe (Kingsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\MorphVOX Pro.lnk -> D:\Morphvox\MorphVOXPro.exe (Screaming Bee)
    Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
    Shortcut: C:\Users\Public\Desktop\Popcorn Time.lnk -> C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
    Shortcut: C:\Users\Public\Desktop\Steam.lnk -> D:\Steam\Steam.exe (Valve Corporation)
    Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)








    ShortcutWithArgument: C:\Users\ali\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\ali\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Clean Master.lnk -> C:\Program Files (x86)\cmcm\Clean Master\kcleaner.exe (Kingsoft Corporation) -> -src:3
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
    ShortcutWithArgument: C:\Users\ali\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk -> C:\Program Files\Intel Security\True Key\Application\truekey.exe () -> --open-source=startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.11.309\McAfee.ico
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Banking & Payment protection.lnk -> C:\Program Files\ESET\ESET Smart Security\ecmd.exe (ESET) -> /startprotectedbrowser
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET Smart Security\SysInspector.exe (ESET) -> /blank
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master\Clean Master.lnk -> C:\Program Files (x86)\cmcm\Clean Master\kcleaner.exe (Kingsoft Corporation) -> -src:3
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
    ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
    ShortcutWithArgument: C:\Users\Public\Desktop\Clean Master.lnk -> C:\Program Files (x86)\cmcm\Clean Master\kcleaner.exe (Kingsoft Corporation) -> -src:2
    ShortcutWithArgument: C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk -> C:\Program Files\ESET\ESET Smart Security\ecmd.exe (ESET) -> /startprotectedbrowser
    ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
    ShortcutWithArgument: C:\Users\Public\Desktop\True Key.lnk -> C:\Program Files\Intel Security\True Key\Application\truekey.exe () -> --open-source=dtopicon




    InternetURL: *removed them for privacy reasons, they were in foreign language anyway..*


    ==================== End of Shortcut.txt =============================

    SALog.txt:

    Result of Security Analysis by Rocket Grannie (x86) Updated: 28th May 2016
    Running from:C:\Users\ali\Desktop (04:17:39 - 06/06/2016)
    ***---------------------------------------------------------***
    Microsoft Windows 10 Home X64
    UAC is Enabled!
    Internet Explorer 11
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ***-----------------Anti-Virus - Firewall-------------------***
    ESET Smart Security 9.0.349.0 (Enabled - Up to Date)
    Windows Defender (Disabled - Up to Date)
    Windows Firewall is Enabled!
    Searching for any other Firewall
    ESET Personal firewall
    ***----------------AntiSpyware - Miscellaneous---------------***
    Adobe Flash Player Plugin (version 21.0.0.242)
    Java is not installed
    Google Chrome (version 50)
    Mozilla Firefox (version 46)
    Opera (version 37)
    Windows Live Essentials (version 16.4)


    ***----------------Analysis Complete-------------------------***

    Thanks again for reading, and your interest in advance.
    Regards,
    malis2007


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: infected win 10

    Hi, malis2007.

    Your computer isn't infected. What you are seeing is explained in this Mozilla KB Article: What does "Your connection is not secure" mean?. The information regarding ESET is at How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites which refers to this ESET KB article: HTTPS websites fail to load or you receive the error message "Connection is untrusted" when using your web browser with ESET products.

    That said, there is a bit of cleanup that can be done.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
    U3 wpcsvc; no ImagePath
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    Task: {304C4E33-4D83-4B44-B9BB-87CAFAA1FE9D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3AAD942D-629D-4680-BC13-57B2F0255CED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3C09DB83-89FF-4A96-ABBB-845E606CD48A} - \Microsoft\Windows\Setup\xtgt\refreshxtgtconfig -> No File <==== ATTENTION
    Task: {4F8FA9B4-A082-4EFD-884F-2C2B9C51EE25} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7219A89A-11DC-4297-B5D7-AE05D5B8EEF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {742C488A-432E-4E5A-9163-4E100AA610F3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {79459FFC-6654-4470-B224-34A0A8DC6812} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7E41AA3B-C8CB-44D5-AC02-BE6F8695AF4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DE0E3A69-2057-42B0-8E4E-4F350A845A06} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E248301B-7374-44D9-8A0D-4FAB21EB6C72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {EDCE1D7D-A462-4D7E-99F3-AF40645BBCCE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F5F8DC8D-E438-4CD3-9A49-6404ADFF2233} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F8BCBF60-1CC0-47CF-9CDE-CD8AE919732B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.
    malis2007 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: infected win 10

    Oh my, i didn't know that ESET was the cause.. q_q
    not to mention it being this easy to fix..
    Thanks to you, my firefox is back to normal!
    i no longer face this HTTPS warning anymore(at least, so far) and i am able to(unlike before) download and install add-ons!

    Here is the Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2016
    Ran by ali (2016-06-06 23:02:28) Run:1
    Running from C:\Users\ali\Desktop
    Loaded Profiles: ali (Available Profiles: ali)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
    U3 wpcsvc; no ImagePath
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    Task: {304C4E33-4D83-4B44-B9BB-87CAFAA1FE9D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3AAD942D-629D-4680-BC13-57B2F0255CED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3C09DB83-89FF-4A96-ABBB-845E606CD48A} - \Microsoft\Windows\Setup\xtgt\refreshxtgtconfig -> No File <==== ATTENTION
    Task: {4F8FA9B4-A082-4EFD-884F-2C2B9C51EE25} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7219A89A-11DC-4297-B5D7-AE05D5B8EEF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {742C488A-432E-4E5A-9163-4E100AA610F3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {79459FFC-6654-4470-B224-34A0A8DC6812} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7E41AA3B-C8CB-44D5-AC02-BE6F8695AF4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DE0E3A69-2057-42B0-8E4E-4F350A845A06} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {E248301B-7374-44D9-8A0D-4FAB21EB6C72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {EDCE1D7D-A462-4D7E-99F3-AF40645BBCCE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F5F8DC8D-E438-4CD3-9A49-6404ADFF2233} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F8BCBF60-1CC0-47CF-9CDE-CD8AE919732B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    EmptyTemp:
    end
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    epp => service removed successfully
    wpcsvc => service removed successfully
    ZAM => service removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{304C4E33-4D83-4B44-B9BB-87CAFAA1FE9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{304C4E33-4D83-4B44-B9BB-87CAFAA1FE9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AAD942D-629D-4680-BC13-57B2F0255CED}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AAD942D-629D-4680-BC13-57B2F0255CED}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C09DB83-89FF-4A96-ABBB-845E606CD48A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C09DB83-89FF-4A96-ABBB-845E606CD48A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F8FA9B4-A082-4EFD-884F-2C2B9C51EE25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8FA9B4-A082-4EFD-884F-2C2B9C51EE25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7219A89A-11DC-4297-B5D7-AE05D5B8EEF7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7219A89A-11DC-4297-B5D7-AE05D5B8EEF7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{742C488A-432E-4E5A-9163-4E100AA610F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{742C488A-432E-4E5A-9163-4E100AA610F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79459FFC-6654-4470-B224-34A0A8DC6812}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79459FFC-6654-4470-B224-34A0A8DC6812}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E41AA3B-C8CB-44D5-AC02-BE6F8695AF4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E41AA3B-C8CB-44D5-AC02-BE6F8695AF4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE0E3A69-2057-42B0-8E4E-4F350A845A06}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0E3A69-2057-42B0-8E4E-4F350A845A06}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E248301B-7374-44D9-8A0D-4FAB21EB6C72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E248301B-7374-44D9-8A0D-4FAB21EB6C72}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDCE1D7D-A462-4D7E-99F3-AF40645BBCCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCE1D7D-A462-4D7E-99F3-AF40645BBCCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5F8DC8D-E438-4CD3-9A49-6404ADFF2233}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5F8DC8D-E438-4CD3-9A49-6404ADFF2233}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8BCBF60-1CC0-47CF-9CDE-CD8AE919732B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8BCBF60-1CC0-47CF-9CDE-CD8AE919732B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    EmptyTemp: => 655.1 MB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 23:05:32 ====

    i am fine with running further scans to ensure my pc's safety

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: infected win 10

    I'm glad that Firefox is back to normal -- just in time to update to Version 47.0 scheduled to be released tomorrow!

    Your computer looked clean from the logs but it would hurt to run AdwCleaner and JRT. The instructions for both follow:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool. Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.

    IMPORTANT
    • If you click the Clean button all items listed in the report will be removed.

    If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Check off the element(s) you wish to keep.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next reply.
    • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).


    Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    malis2007 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: infected win 10

    AdwCleaner[C1].txt :

    # AdwCleaner v5.119 - Logfile created 07/06/2016 at 00:37:44
    # Updated 30/05/2016 by Xplode
    # Database : 2016-06-06.1 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : ali - ALI-PC
    # Running from : C:\Users\ali\Desktop\adwcleaner_5.119.exe
    # Option : Clean
    # Support : ToolsLib - Forum: Ask for help or share your experience.


    ***** [ Services ] *****




    ***** [ Folders ] *****




    ***** [ Files ] *****


    [-] File Deleted : C:\Users\ali\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
    [-] File Deleted : C:\Users\ali\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal


    ***** [ DLLs ] *****




    ***** [ WMI ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****


    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}


    ***** [ Web browsers ] *****




    *************************


    :: "Tracing" keys deleted
    :: Winsock settings cleared


    *************************


    C:\AdwCleaner\AdwCleaner[C1].txt - [1054 bytes] - [07/06/2016 00:37:44]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1098 bytes] - [07/06/2016 00:36:15]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1200 bytes] ##########

    JRT.txt
    :

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64
    Ran by ali (Administrator) on Tue 06/07/2016 at 0:39:49.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








    File System: 0








    Registry: 3


    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value)








    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/07/2016 at 0:41:59.39
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner[S1].txt :

    # AdwCleaner v5.119 - Logfile created 07/06/2016 at 00:36:15
    # Updated 30/05/2016 by Xplode
    # Database : 2016-06-06.1 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : ali - ALI-PC
    # Running from : C:\Users\ali\Desktop\adwcleaner_5.119.exe
    # Option : Scan
    # Support : ToolsLib - Forum: Ask for help or share your experience.


    ***** [ Services ] *****




    ***** [ Folders ] *****




    ***** [ Files ] *****


    File Found : C:\Users\ali\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
    File Found : C:\Users\ali\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal


    ***** [ DLL ] *****




    ***** [ WMI ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****


    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}


    ***** [ Web browsers ] *****




    *************************


    C:\AdwCleaner\AdwCleaner[S1].txt - [947 bytes] - [07/06/2016 00:36:15]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1019 bytes] ##########

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: infected win 10

    Good job. Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log. It isn't necessary to post the log.
    malis2007 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #7

    Re: infected win 10

    Thanks alot for your help..
    everything indeed looks fine XD
    Even though i wanted to do further scans, you know.. just incase XD

    Thanks alot again :)

  8. #8
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: infected win 10

    You're welcome!

    The only other scans I would have suggested would have been Malwarebytes and an ESET online scan. However, since you had already scanned with MBAM and said nothing was found and ESET is your A/V, I really see no reason for further scans.
    malis2007 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Similar Threads

  1. How to tell if you're infected with malware
    By JMH in forum Security News
    Replies: 0
    Last Post: 05-11-2016, 11:28 PM
  2. Possibly Infected.
    By SeanA in forum Security Arena
    Replies: 19
    Last Post: 01-11-2016, 08:24 PM
  3. Replies: 16
    Last Post: 08-06-2015, 03:20 PM
  4. When Your PC is Likely Infected
    By JMH in forum Security News
    Replies: 0
    Last Post: 08-31-2012, 04:41 AM
  5. [SOLVED] Infected with Sirefef :(
    By niemiro in forum Security Arena
    Replies: 13
    Last Post: 08-16-2012, 04:51 AM

Log in

Log in