悪代官の伏魔殿掲示板

はじめまして。
Yahoo!知恵袋で質問されていた方への回答からこちらを知りました。
自分のミスでoribitumというものをインストールしました。


HTJログです。

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:41:22, on 2017/04/17
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)


Boot mode: Normal

Running processes:
C:\Users\panda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
C:\Users\panda\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\panda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: HP JumpStart Launch.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AdaptiveSleepService - Unknown owner - c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dropbox アップデート サービス (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox アップデート サービス (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - c:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Comm Recovery (HP Comm Recover) - HP Inc. - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service: HP JumpStart Bridge (HPJumpStartBridge) - HP Inc. - c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - HP Inc. - C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
O23 - Service: @oem18.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\windows\system32\ibtsiva (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - CyberLink - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\windows\SysWOW64\tbaseprovisioning.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - IntelR Corporation - c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 9047 bytes


CCleanerのログです。

3D Builder Microsoft Corporation 2017/04/05 12.0.3131.0
AMD Install Manager Advanced Micro Devices, Inc. 2016/12/26 26.3 MB 9.0.000.4
Bonjour Apple Inc. 2016/10/22 3.23 MB 3.0.0.10
Candy Crush Soda Saga king.com 2017/04/12 1.87.900.0
CCleaner Piriform 2017/04/14 19.5 MB 5.28
CyberLink Power Media Player 14 CyberLink Corp. 2017/04/17 469 MB 14.0.6.7428
CyberLink PowerDirector 14 CyberLink Corp. 2017/03/11 1.05 GB 14.0.2.3309
Dropbox 25 GB Dropbox, Inc. 2017/04/05 5.89 MB 3.1.18.0
Energy Star HP Inc. 2016/12/26 6.65 MB 1.1.1
Facebook Facebook Inc 2017/04/10 81.832.151.0
Groove ミュージック Microsoft Corporation 2017/04/05 10.17022.10301.0
HP AC Power Control Hewlett-Packard 2016/10/22 26.8 MB 1.0.6
HP Audio Switch HP Inc. 2016/10/22 13.9 MB 1.0.138.0
HP Documentation HP Inc. 2016/12/26 1.0.0.1
HP ePrint SW HP Inc. 2017/03/11 67.2 MB 5.2.20454
HP JumpStart HP Inc. 2017/03/14 1.2.228.0
HP JumpStart Bridge HP Inc. 2016/12/26 11.4 MB 1.1.0.168
HP JumpStart Launch HP Inc. 2016/12/26 832 KB 1.1.158.0
HP Registration Service HP Inc. 2016/12/26 10.3 MB 1.2.8357.5639
HP Support Assistant HP Inc. 2016/10/22 108 MB 8.3.50.9
HP Support Solutions Framework HP Inc. 2016/10/22 14.7 MB 12.5.32.203
HP Sure Connect HP Inc. 2016/10/22 1.0.0.29
HP System Event Utility HP Inc. 2017/04/17 12.8 MB 1.4.19
HP Wireless Button Driver HP 2016/12/26 3.99 MB 1.1.18.1
Intel(R) PRO/Wireless Driver Intel Corporation 2016/12/26 127 MB 19.20.0000.5007
LINE LINE Corporation 2017/04/05 5.4.8.0
Microsoft OneDrive Microsoft Corporation 2017/04/14 84.8 MB 17.3.6799.0327
Microsoft Solitaire Collection Microsoft Studios 2017/04/10 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2016/12/26 3.05 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2016/12/26 1.04 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2016/12/26 1.27 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2016/12/26 644 KB 9.0.30729.4148
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2016/12/26 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2016/12/26 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2016/12/26 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 Microsoft Corporation 2016/12/26 22.5 MB 14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 Microsoft Corporation 2016/12/26 18.7 MB 14.0.23506.0
Netflix Netflix, Inc. 2017/04/10 6.20.104.0
OneNote Microsoft Corporation 2017/04/10 17.7967.57751.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek Card Reader Realtek Semiconductor Corp. 2016/12/26 29.2 MB 10.0.14393.31228
Realtek Ethernet Controller Driver Realtek 2016/12/26 8.05 MB 10.10.714.2016
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2016/12/26 911 MB 6.0.1.7944
Royal Revolt 2 flaregames GmbH 2017/04/10 3.1.0.0
Simple Mahjong Random Salad Games LLC 2017/02/03 3.6.0.22
Skype Skype 2017/04/10 11.13.133.0
Store Purchase App Microsoft Corporation 2017/02/03 11608.1000.2431.0
Synaptics Pointing Device Driver Synaptics Incorporated 2016/12/26 46.4 MB 19.3.11.37
Vulkan Run Time Libraries 1.0.26.0 LunarG, Inc. 2016/12/26 1.66 MB 1.0.26.0
Xbox Microsoft Corporation 2017/04/12 27.28.8007.0
Xbox Identity Provider Microsoft Corporation 2017/03/14 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/03/14 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/03/15 10.1703.602.0
インテル(R) ワイヤレス Bluetooth(R) Intel Corporation 2016/12/26 17.4 MB 19.10.1635.0483
ウイルスバスター クラウド トレンドマイクロ株式会社 2017/02/03 424 MB 11.0
カメラ Microsoft Corporation 2017/04/05 2017.214.20.0
ストア Microsoft Corporation 2017/04/05 11701.1001.99.0
トレンドマイクロ Airサポート トレンドマイクロ株式会社 2017/04/14 424 MB 6.0.1068
ニュース Microsoft Corporation 2017/02/01 4.18.41.0
ヒント Microsoft Corporation 2017/04/05 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/10 1.1702.811.0
フォト Microsoft Corporation 2017/04/05 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/03/14 10.1703.601.0
マップ Microsoft Corporation 2017/04/05 5.1703.762.0
メッセージング Microsoft Corporation 2017/02/01 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/13 17.8104.42387.0
天気 Microsoft Corporation 2017/04/05 4.18.52.0
新しい Office を始めよう Microsoft Corporation 2017/04/05 17.8017.5925.0
映画 & テレビ Microsoft Corporation 2017/04/05 10.17022.10311.0
有料 Wi-Fi & 携帯ネットワーク Microsoft Corporation 2017/03/14 1.1607.6.0
電卓 Microsoft Corporation 2017/03/14 10.1703.601.0

よろしくお願いします。

こんばんは。
ここの管理人の悪代官です。
夜8時45分頃に成敗されるのが嫌なので、日アサ8時45分頃の美少女戦隊にダメ出しの「喝！」くらってます（←とっととお家に帰りなさい

説明とログを見せてもらいました。
知恵袋から移動された方ですね。
oribitumに入りこまれたようですが、現在のログではそれは見えないようです。
と言っても見えないところに隠れている疑いもあるので、慎重に化けの皮を剥いでいきましょう。
人様の目は欺けてもお天道様はすべてお見通しです（←それ悪代官側のセリフじゃないから

まず最初にお伝えしておきます。
見てのとおり現在相談者さん多数のため、相談受けてから皆さんに順番にレスできるまで、毎回1日かそれ以上かかる可能性もあるので、すみませんがご了承ください。

では以下の説明をよく見てから、順番に作業をお願いします。
既に準備した物もあるはずですが、一応説明を再度見ておいてください。

隠しファイルと拡張子を表示設定にしてください(やり方↓）
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

下記のツールをダウンロードして、基本の使い方を把握しておいてください。
ただし、配布サイトで他のアプリをダウンロードしろと勧めてくるような広告も出てきたらそれらは絶対にクリックしないでください。
「GeekUninstaller」（通称：GU）
説明ページ↓
http://www.gigafree.net/system/install/geekuninstaller.html
ダウンロード↓
http://www.geekuninstaller.com/download
「download free」をクリック、保存後、解凍してください。
片付ける時はフォルダごと手動で削除してください。

「CCleaner」（通称：CC）
説明↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
ダウンロード↓
http://www.piriform.com/ccleaner/download/standard
最新バージョンをダウンロードしてください。なお、インストール時におまけのアプリも勧めてくることがありますが、それらはチェック外してインストールは避けてください。
片付けるときはアンインストールしてください。

ここで重要な注意です。
CCは本来は高い性能を持つメンテナンスソフトですが、間違った使い方すると
【Windowsにダメージを与えてしまうおそれもある】
ので、ここでは解析ツールとしてのみ使います。
説明をしっかり読んで、自分が指示した以外の操作はしないように。

そして下記ページは作業開始前に必ず熟読して、必要な場合が出たらそれに沿って対処してください。この対処が必要な事例が増えています。
http://note.chiebukuro.yahoo.co.jp/detail/n335704

準備できたら作業開始です。
なお、このあとの作業で探しても見つからないものはスルーして進めていいですが、指示した対象外の物は絶対にいじらないようによく見て作業してください。

また、作業のうえで削除指示するものもあるはずですが、ご自身で必要として入れたものがあればそれの削除は保留して、次のレスでその旨を教えてください。

最初にWindowsUpdateの確認して、必要な更新があればそれを全部更新してください。
ですがそこで更新ができないようならこの後に説明する作業はせずに更新失敗の旨をレスで教えてください。
WUが正常にできなくすることで、感染の解析処置を阻害してくる危険なマルウェアが激増しているためです。
Windowsの各種更新(WindowsUpdate)は常に最新に適用しておかないと、それだけで危険な感染はすぐにでも起きますよ。

なお、Windows10への更新はユーザー自身がよほど必要でなければ非推奨です。
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

少なくとも下記のアプリは旧バージョンです。
>Skype Skype 2017/04/10 11.13.133.0

各種アプリの更新を怠っただけでも、脆弱性を悪用されて深刻な感染はあっさり起きます。
使うなら最新版に更新してください。使わないアプリならアンインストールが安全です。
他にも旧バージョンないか調べて、あれば同様に更新するか、アンインストールしてください。

ここでWindowsの標準機能である「システムの復元」での復元ポイントをひとつ、手動で作成しておいてください。
これはこの後の作業で、間違って対象外のものをいじってしまうとそれだけでWindowsに深刻な不具合を起こすこともあるので、万一の際に復元可能にしておくためです。
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

次にスタートメニューの「アクセサリ」→「システムツール」から「ディスククリーンアップ」を起動してください。
起動したら対象ドライブでCドライブを選択してスキャンして、表示された中の「ダウンロードされたプログラムファイル」「インターネット一時ファイル」「一時ファイル」の項目だけチェックを入れてから「OK」「ファイルの削除」を押してください。
これを実行すると選択した部分のゴミファイルが掃除されます。

これを実行することで作業時にスキャンで検出される無駄なゴミファイルも減るのでその分かなり時間や解析も楽になるのです。
「ごみ箱」など他の項目にチェックしないのは、間違って正常なファイルを削除しないためと、もし正常なファイルを削除してごみ箱に入れても戻せるようにするための措置です。

続いてCCを起動してください。
起動したら、「ツール」→」「スタートアップ」→「Windows」タブを開いてください。
そこで右下の「テキストとして保存」を押すと、表示の内容がログとして保存できるので、ログをデスクトップにでも保存しておいてください。

次に「スケジュールされたタスク」タブと「コンテキストメニュー」タブのログも同じ要領で保存してください。

続いて今度はCC画面の左側にある「Browser Plugin」の項目から「InternetExplorer」タブ以下の各タブも順番に開いて、そのログもとっておいてください。

CCの各ログをとったらCCは終了してください。

このあとCCの各ログを返信に貼って、状態報告とともにレスください。
それらを見てから続きの作業を指示します。

このCCのログで何が見つかるか見つからないかが最初の鍵になりそうです

WindowsUpdateは最新の状態でした。
Skypeは利用する予定がないのでアンインストールしました。
復元ポイントを作成した後、ディスククリーンアップしました。

CCのログです。

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\panda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run HPMessageService HP Inc. C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Yes HKLM:Run HPRadioMgr HP C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
Yes HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" 1
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run StartCN Advanced Micro Devices, Inc. "c:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
Yes HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
Yes Startup Common HP JumpStart Launch.lnk c:\windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico

Yes Task AirSupport Update Trend Micro Inc. C:\Program Files\Trend Micro\AirSupport\Update.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxOEM "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" auto
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task HPAudioSwitch HP Inc. "C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe"
Yes Task HPCeeScheduleForpanda HP Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForpanda (null)
Yes Task HPJumpStartProvider HP Inc. "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe"
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Yes Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
Yes Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
Yes File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
Yes Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll

Yes Extension [HP Network Check]を起動して接続の問題を解決する HP Inc. C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
No Helper HP Network Check Helper HP Inc. C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
No Helper HP Network Check Helper HP Inc. C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
No Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
No Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
No Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
No Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
No Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
No Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
No Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
No Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll

googlechromeは空欄でした。
よろしくお願いします。

作業と報告、ご苦労様です。

>googlechromeは空欄でした

はい、特にChrome拡張が入ってないならそれはいいですが、もしセーフモードでCC起動して各ログをとったならお手数ですが通常モードで各ログを取り直してください。
CCはセーフモードではいくつかの機能が使えず、正常なログも出ないので、基本的にPC通常モードでのみ使用することになります。
通常モードで各ログをとったならここはスルーしていいです。

さて、見せてもらった各ログではおかしなモノは見えないようです。

ほとんどの相談事例では異常のレベルに限らず、なにがしかの厄介なプログラムが見つかるのがほとんどですが、今回のようにゴミもほとんど見えないのは珍しいですね。
だからと言って感染がないとは断言できません。
むしろ巧妙なマルウェアほど尻尾を見せずPC内の奥深くで蠢き、じわじわとPCの主導権を握っていき、完全にPCを支配下に置いた時点で一気に本格的活動を開始することもあります。

それでは続きの解析にかかりましょう。

以下のアプリを準備してください。
「AdwCleaner」（通称：AC）
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
ファイル直リンです。アクセスしてファイルをデスクトップにでも保存しておいてください。
片付けるときは起動後に「uninstall」ボタンを押せば自動で削除されます。
使い方は下記サイト様に詳しい説明があるのでサンショウウオ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware（通称・MBAM）
本家サイト
http://www.malwarebytes.org/

ですが、MBAMは現在安定性や動作でかなり難が出ており、普通に使っても正常にスキャンができないバグまで多発中です。
そのため本家サイトから最新版のダウンロードせず、ここではあえて旧バージョンで作業します。

旧バージョンの説明サイト↓
http://www.japan-secure.com/entry/blog-entry-7.html

以下のURLからMBAMの旧バージョンをダウンロードしてください。
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
ファイル直リンです。保存しておいてください。
作業終了後はPCをセーフモード状態で、GUを使ってアンインストールすればいいですが、うまくできないときはセーフモード状態でスタートメニューのMBAM項目で「アンインストール」選択しても削除可能です。

注）インストール時に日本語でインストールすると文字化けすることがあります。英語でインストール後に日本語化してください。
MBAM起動して「Settings」タブ→「Language」→「Japanese」で日本語化できます。

準備できたらMBAMをインストールとアップデートまでしておいてください。
ただし、ここではまだスキャンはしないように。
なお、ここでMBAMの更新で「プログラム」自体は更新せず、定義だけ更新しておいてください。
プログラム本体を更新すると、バグ多発中の最新版になってしまうので、せっかく旧バージョンでインストールした意味がなくなります。
アップデートできたらスキャンはせず、ここでMABMは終了してください。

続いてここで一度ACを起動してください。
起動するとまず定義の更新が行われるはずなので、更新だけしてから、それができたらACは一旦終了してください。
ここではスキャンもしなくていいです。

両ツールのアップデートまでできたらPCをセーフモードで再起動してから、ディスククリーンアップを使ってゴミファイルの掃除してください。

クリーンアップが済んだらセーフモードのまま、先に一度起動したACを再度起動してください。
起動したら今度は「スキャン」したあと、そのスキャン終了後に検出されたものがあったら「除去」を押してください。
表示された画面で「はい」を選択すると処置開始されます。

処置完了したらそこでPCを通常モードで再起動してください。

再起動後にACのあらたなログが出るので、それをデスクトップにでも保存しておいてください。
ですが、もし作業後にログが出ないorわからない場合はマイコンピュータのCドライブを開くとその直下に以下のような名前のファイルが作成されているので、それがACのログです。
>AdwCleaner[英数字].txt
同じような名前のログが複数ある時は、作成日時が作業処置時のファイルが対象のログです。

続いて再度セーフモードにして、今度はMBAMでスキャンしてください。
MBAM起動したら「スキャナー」タブから「フルスキャン」してください。
対象ドライブはCを含めて全ドライブを選択してください。

スキャン対象は全ドライブを選択（チェック）してください。時間はかかりますができるだけ細かくスキャンするためです。
順番はどちらからでもいいですが、なにか検出されたらそれを選択して「remove」（隔離）したあと、再起動を促す表示が出たらそこで一度PCを再起動してください。
もし再起動表示が出ないときは手動で再起動してください。

またMBAMスキャン終了後、「詳細を表示」を押すとその結果が表示されるはずなので、そこで「ログを保存」を押すとそのログが保存可能になります。
そのログをデスクトップにでも保存しておいてください。
このログ確認が特に重要なので、忘れないようにお願いします。

このあとMBAMとACのログを返信に貼り付けて、それを状態報告とともにレスで見せてください。

なお、明日は自分はレスできないかもしれないので、その場合はすみませんが1日かそこらお待ちください。

お世話になっております。
前回は通常モードでログを取得しましたので、次の作業に進みました。

# AdwCleaner v6.045 - ログファイルの作成日 19/04/2017 作成時間 14:24:51
# Malwarebytesによる 28/03/2017 の更新日
# データベース : 2017-03-28.2 [ローカル]
# オペレーティングシステム : Windows 10 Home (X64)
# ユーザー名 : panda - LAPTOP-5RUSGJES
# 実行場所 : C:\Users\panda\Desktop\AdwCleaner.exe
# モード：安全
# サポート : https://www.malwarebytes.com/support



***** [ サービス ] *****



***** [ フォルダ ] *****

[#] 再起動時に削除されたフォルダ：：C:\Users\panda\AppData\Local\Orbitum


***** [ ファイル ] *****

[#] 削除済みファイル：C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ ショートカット ] *****



***** [ スケジュール済みタスク ] *****



***** [ レジストリ ] *****

[-] 削除済みキー：HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ ブラウザ ] *****



*************************

:: "Tracing" キーを削除しました
:: Winsock設定を削除しました

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1178 バイト] - [19/04/2017 14:24:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [1650 バイト] - [19/04/2017 14:22:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1332 バイト] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

定義バージョン： v2017.04.18.08

Windows 8 x64 NTFS (セーフモード)
Internet Explorer 11.1066.14393.0
panda :: LAPTOP-5RUSGJES [管理者]

2017/04/19 14:43:08
mbam-log-2017-04-19 (14-43-08).txt

スキャンタイプ： フルスキャン (C:\|D:\|E:\|)
有効なスキャン領域： メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン　 | ヒューリスティック/Shuriken　エンジンを使用してスキャン　 | 不審なプログラム　（PUP） | 不審な変更　（PUM）
無効なスキャン領域: ピア・ツー・ピアプログラム（P2P）
スキャンしたアイテム数: 477614
経過時間： 55 分, 12 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk (PUP.Optional.Booking) -> 正常に隔離され削除されました。

(終)

よろしくお願いします。

作業と報告、ご苦労様です。
両ツールの結果ログを見せてもらいましたBooking.comが見つかって隔離された以外は検出ないようですね。

Orbitumの残骸フォルダも検出されて削除されたのでそれは掃除できたはずです。

ではそこもいいとしましょう。

現在まだOrbitumの兆候が出ているならそのことも教えてください。

それと、また別のツールで解析もしましょう。

以下のツールを準備してください。
OTL(OldTimer Listit)
「Download」ボタンからDLしたら保存しておいてください。
http://oldtimer.geekstogo.com/OTL.exe
片付けるときは起動後に「Cleanup」ボタンを押せば自動で削除されます。
ただし、Windows10をお使いの場合は本体ファイルをそのまま削除すればいいです。

他のプログラムを起動しない状態でOTLを起動してください。
起動したら、ウィンドウの上の方にある「Scan All Users」にチェックを入れ、以下のコマンドを「Custom Scan/Fixes」にコピペしてください。

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

その後、左上の「Run Scan」を押すとスキャン開始されます。
スキャン開始後、PC環境にもよりますが数分ほどすると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に作成されるはずなので、この2つのファイルをデスクトップあたりに保存しておいてください。
なお、Extras.txtは出ないこともありますが、その場合はOTL.txtだけでもいいです。

このあとOTLログを丸ごと返信に貼り付けてレスで見せてください。
ただしOTLログはかなり長くなるため、一度に送信してもfc2の文字数制限で途切れます。
なのでログも適当なところで1万文字以内に分割して、複数回に分けてレス送信してください。
1万文字を越えた投稿はfc2の文字数制限で途切れてしまうためです。
http://www1.odn.ne.jp/megukuma/count.htm

OTLでスキャンしただけでは何も変化は起きません。
この結果を見て、検出されたものを次回以降の作業で処置することになるはずです

こんにちは。
Orbitumの兆候は今のところないです。
以下ログです。

OTL logfile created on: 2017/04/21 12:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\panda\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.45% Memory free
5.72 Gb Paging File | 3.25 Gb Available in Paging File | 56.85% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.01 Gb Total Space | 410.46 Gb Free Space | 91.21% Space Free | Partition Type: NTFS
Drive D: | 14.52 Gb Total Space | 1.73 Gb Free Space | 11.93% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-5RUSGJES | User Name: panda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2017/04/21 12:53:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\panda\Desktop\OTL.exe
PRC - [2017/04/14 15:16:27 | 001,518,808 | ---- | M] (Microsoft Corporation) -- C:\Users\panda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2017/03/15 13:42:58 | 001,062,392 | ---- | M] (HP Inc.) -- C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
PRC - [2017/02/06 15:20:04 | 000,630,776 | ---- | M] (HP Inc.) -- C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
PRC - [2017/02/01 11:38:43 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
PRC - [2016/10/17 20:01:20 | 000,051,224 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
PRC - [2016/10/04 17:17:06 | 001,657,880 | ---- | M] (HP Inc.) -- C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
PRC - [2016/08/05 14:42:58 | 000,843,800 | ---- | M] () -- C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
PRC - [2016/08/05 14:41:58 | 000,461,848 | ---- | M] (HP Inc.) -- c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
PRC - [2016/06/03 22:08:04 | 001,031,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\Shared\hpqwmiex.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/04/14 01:11:47 | 001,161,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\4979591369179732bf744077fdf32393\System.Management.ni.dll
MOD - [2017/04/11 10:35:02 | 000,184,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\b02077014cbc9078ead7391e8ee5fbe6\UIAutomationTypes.ni.dll
MOD - [2017/04/11 10:34:34 | 000,386,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\dae0ac7f10d617d2fe72df6c6f23d3c5\System.Dynamic.ni.dll
MOD - [2017/04/11 10:34:33 | 001,589,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\1603e15bfa4813f780ef8dfb1291da1b\Microsoft.CSharp.ni.dll
MOD - [2017/04/11 10:33:52 | 000,794,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7f3d8a52d4129497577159cae0ef83b7\System.Runtime.Remoting.ni.dll
MOD - [2017/04/11 10:33:47 | 007,882,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\79892cb4ea3329381a2fc51dad52eb6e\System.Data.ni.dll
MOD - [2017/04/11 10:33:13 | 012,992,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\68f0c8b24547a1eeafc998eb2b2522e0\System.Windows.Forms.ni.dll
MOD - [2017/04/11 10:32:58 | 001,626,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\058e016628ca385ecca0589255c71bce\System.Drawing.ni.dll
MOD - [2017/04/11 10:32:52 | 000,272,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\090944cdcbf7fca1c5f201bbf89b224b\System.Numerics.ni.dll
MOD - [2017/04/10 17:07:03 | 000,391,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\644006124f267e54cf6760ac688fbf3e\System.Xml.Linq.ni.dll
MOD - [2017/04/10 17:07:02 | 007,456,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cfff018936a7c6348cb7ea98d432343a\System.Xml.ni.dll
MOD - [2017/04/10 17:06:53 | 001,878,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1b30fcb579bbaad955474f384a20d978\System.Xaml.ni.dll
MOD - [2017/04/10 17:06:48 | 002,804,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d5101c374cd436c6638bd68d3e681438\System.Runtime.Serialization.ni.dll
MOD - [2017/04/10 17:06:43 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\69bc7c6c084baf2d2ffd6871c726e266\System.Configuration.ni.dll
MOD - [2017/04/10 17:06:42 | 000,529,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\3c7b6f1459cd44f3f3f9b59e5121a867\PresentationFramework.Aero2.ni.dll
MOD - [2017/04/10 17:06:40 | 019,470,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5fa817daff10898645f2a4f4514bee62\PresentationFramework.ni.dll
MOD - [2017/04/10 17:06:13 | 011,620,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e3670b79a0d3cf62dffca3403010d44\PresentationCore.ni.dll
MOD - [2017/04/10 17:05:56 | 004,063,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b87bf6675b253eeea9d7a1af759d1d9b\WindowsBase.ni.dll
MOD - [2017/04/10 17:05:51 | 007,464,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\561bcb2835dc3d4de610397aebd07edc\System.Core.ni.dll
MOD - [2017/04/10 17:05:40 | 010,266,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6d712bf5f07ce74d9e2d31a443dea9c2\System.ni.dll
MOD - [2017/01/24 11:27:50 | 019,611,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f06d35cdb58e63c8a25f1658f23fd20d\mscorlib.ni.dll
MOD - [2016/08/05 14:42:58 | 000,843,800 | ---- | M] () -- C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2017/04/07 04:53:16 | 000,033,640 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2017/03/28 15:21:33 | 003,318,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/03/28 14:32:32 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2017/03/28 13:48:06 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2017/03/04 15:16:20 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2017/02/06 15:20:04 | 000,630,776 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2017/02/01 11:38:43 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2017/02/01 11:38:43 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2016/11/11 16:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/10/17 20:01:20 | 000,051,224 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
SRV - [2016/08/06 12:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/08/05 14:41:58 | 000,461,848 | ---- | M] (HP Inc.) [Auto | Running] -- c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe -- (HPJumpStartBridge)
SRV - [2016/07/29 21:38:24 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2016/07/29 21:38:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2016/07/29 21:38:24 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2016/06/03 22:08:04 | 001,031,704 | ---- | M] (HP) [On_Demand | Running] -- C:\Program Files (x86)\HP\Shared\hpqwmiex.exe -- (hpqcaslwmiex)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2016/10/17 20:01:45 | 026,565,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\c0307840.inf_amd64_2d7ce5e36533f4c7\atikmdag.sys -- (amdkmdag)
DRV - [2016/10/17 20:01:45 | 000,527,264 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\c0307840.inf_amd64_2d7ce5e36533f4c7\atikmpag.sys -- (amdkmdap)
DRV - [2016/07/16 20:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F2 36 5F 3B E7 7D D2 01 [binary data]
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 25 00 00 00 A8 B2 63 FB A3 52 1C D1 58 39 B2 52 ED 52 50 3A 85 49 0C 89 D1 BB BE E4 E8 B6 BA FC 5E 8A CF FB 4D CA 2F 16 36 02 00 00 00 0E 00 00 00 59 39 64 44 36 48 66 32 4F 53 30 25 33 64 [binary data]
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2017/02/07 13:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017/02/03 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2017/02/07 13:40:06 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: 16F71CAEB31B58536A7FAD9222639228C47175F9F7AEA84C77F137572D9A3891

O1 HOSTS File: ([2016/07/16 20:45:37 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロネットワークフィルタプラグイン) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロIEプロテクション) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (HP Inc.)
O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP Inc.)
O4 - HKLM..\Run: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (HP)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001..\Run: [OneDrive] C:\Users\panda\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8c40deb9-8fb4-4c33-97d8-1ed09d650d0c}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71A5A636-652F-3BE0-BC14-02545E9F5EC7} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/04/21 12:49:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\panda\Desktop\OTL.exe
[2017/04/19 22:52:22 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2017/04/19 13:30:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/04/19 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Roaming\Malwarebytes
[2017/04/19 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/04/19 13:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/04/19 13:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/04/19 13:27:39 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Local\Programs
[2017/04/19 13:25:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\panda\Desktop\mbam-setup-1.75.0.1300.exe
[2017/04/19 12:09:56 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Local\Diagnostics
[2017/04/18 14:07:39 | 000,000,000 | ---D | C] -- C:\Users\panda\Desktop\geek
[2017/04/17 12:39:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\panda\Desktop\HijackThis.exe
[2017/04/14 14:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/04/14 14:10:44 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Local\Google
[2017/04/14 14:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017/04/13 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Local\Orbitum
[2017/04/13 09:23:35 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll
[2017/04/13 09:23:35 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\unimdm.tsp
[2017/04/13 09:23:34 | 007,468,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2017/04/13 09:23:33 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AzureSettingSyncProvider.dll
[2017/04/13 09:23:33 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RADCUI.dll
[2017/04/13 09:23:33 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SyncSettings.dll
[2017/04/13 09:23:27 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netshell.dll
[2017/04/13 09:23:27 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ipsecsnp.dll
[2017/04/13 09:23:27 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ipsmsnap.dll
[2017/04/13 09:23:19 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieproxy.dll
[2017/04/13 09:23:18 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2017/04/13 09:23:16 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2017/04/13 09:23:12 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apds.dll
[2017/04/13 09:23:10 | 005,685,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Data.Pdf.dll
[2017/04/13 09:23:04 | 000,306,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.MediaControl.dll
[2017/04/13 09:23:01 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Speech.dll
[2017/04/13 09:23:01 | 000,263,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.ApplicationData.dll
[2017/04/13 09:23:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.StateRepositoryClient.dll
[2017/04/13 09:23:01 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.System.UserDeviceAssociation.dll
[2017/04/13 09:23:00 | 001,656,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Perception.dll
[2017/04/13 09:23:00 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.FaceAnalysis.dll
[2017/04/13 09:23:00 | 000,747,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Ocr.dll
[2017/04/13 09:23:00 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlidcli.dll
[2017/04/13 09:23:00 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Gaming.Input.dll
[2017/04/13 09:23:00 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Gaming.XboxLive.Storage.dll
[2017/04/13 09:23:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinRtTracing.dll
[2017/04/13 09:22:59 | 000,819,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppContracts.dll
[2017/04/13 09:22:59 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.dll
[2017/04/13 09:22:59 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Core.dll
[2017/04/13 09:22:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
[2017/04/13 09:22:58 | 006,667,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2017/04/13 09:22:55 | 003,520,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xpsrchvw.exe
[2017/04/13 09:22:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XblAuthTokenBrokerExt.dll
[2017/04/13 09:22:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XblAuthManagerProxy.dll
[2017/04/13 09:22:54 | 002,646,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CertEnroll.dll
[2017/04/13 09:22:54 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.dll
[2017/04/13 09:22:53 | 002,994,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32kfull.sys
[2017/04/13 09:22:53 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.dll
[2017/04/13 09:22:52 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.Http.dll
[2017/04/13 09:22:50 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Wallet.dll
[2017/04/13 09:22:50 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WwaApi.dll
[2017/04/13 09:22:49 | 001,004,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Input.Inking.dll
[2017/04/13 09:22:49 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2017/04/13 09:22:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.Diagnostics.dll
[2017/04/13 09:22:48 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\StoreAgent.dll
[2017/04/13 09:22:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\InstallAgentUserBroker.exe
[2017/04/13 09:22:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\InstallAgent.exe
[2017/04/13 09:22:48 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Scanners.dll
[2017/04/13 09:22:47 | 001,232,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Maps.dll
[2017/04/13 09:22:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Phone.dll
[2017/04/13 09:22:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIRibbonRes.dll
[2017/04/13 09:22:47 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.InkControls.dll
[2017/04/13 09:22:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserDeviceRegistration.dll
[2017/04/13 09:22:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserDataTimeUtil.dll
[2017/04/13 09:22:47 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\updatepolicy.dll
[2017/04/13 09:22:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usoapi.dll
[2017/04/13 09:22:46 | 000,975,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.appcore.dll
[2017/04/13 09:22:46 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.appcore.dll
[2017/04/13 09:22:46 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserDataAccountApis.dll
[2017/04/13 09:22:46 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExSMime.dll
[2017/04/13 09:22:46 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppointmentActivation.dll
[2017/04/13 09:22:45 | 003,106,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2017/04/13 09:22:45 | 000,783,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TSWorkspace.dll
[2017/04/13 09:22:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.System.SystemManagement.dll
[2017/04/13 09:22:44 | 001,431,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2017/04/13 09:22:44 | 000,861,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LicenseManager.dll
[2017/04/13 09:22:44 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll
[2017/04/13 09:22:41 | 000,862,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncCore.dll
[2017/04/13 09:22:41 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBroker.dll
[2017/04/13 09:22:41 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Sensors.dll
[2017/04/13 09:22:41 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2017/04/13 09:22:41 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vaultcli.dll
[2017/04/13 09:22:41 | 000,167,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2017/04/13 09:22:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBrokerUI.dll
[2017/04/13 09:22:40 | 006,045,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Chakra.dll
[2017/04/13 09:22:40 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aadtb.dll
[2017/04/13 09:22:40 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\efswrt.dll
[2017/04/13 09:22:39 | 001,196,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscui.cpl
[2017/04/13 09:22:39 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.Identity.Provider.dll
[2017/04/13 09:22:38 | 004,614,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2017/04/13 09:22:38 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RTMediaFrame.dll
[2017/04/13 09:22:37 | 001,077,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Editing.dll
[2017/04/13 09:22:36 | 001,534,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Graphics.Printing.3D.dll
[2017/04/13 09:22:36 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Graphics.Printing.dll
[2017/04/13 09:22:35 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll
[2017/04/13 09:22:35 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WpcWebFilter.dll
[2017/04/13 09:22:35 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToManager.dll
[2017/04/13 09:22:35 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToDevice.dll
[2017/04/13 09:22:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToReceiver.dll
[2017/04/13 09:22:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AuthBroker.dll
[2017/04/13 09:22:32 | 000,675,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2017/04/13 09:22:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.HostName.dll
[2017/04/13 09:22:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2017/04/13 09:22:30 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2017/04/13 09:22:29 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mspaint.exe
[2017/04/13 09:22:29 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MiracastReceiver.dll
[2017/04/13 09:22:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2017/04/13 09:22:28 | 001,851,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2017/04/13 09:22:28 | 001,360,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2017/04/13 09:22:28 | 001,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsrcsnk.dll
[2017/04/13 09:22:28 | 001,202,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2017/04/13 09:22:28 | 000,981,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2017/04/13 09:22:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmjpegdec.dll
[2017/04/13 09:22:27 | 004,023,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2017/04/13 09:22:27 | 001,277,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2017/04/13 09:22:27 | 001,221,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Audio.dll
[2017/04/13 09:22:27 | 000,895,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Streaming.dll
[2017/04/13 09:22:27 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MCRecvSrc.dll
[2017/04/13 09:22:27 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Import.dll
[2017/04/13 09:22:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Devices.dll
[2017/04/13 09:22:26 | 006,109,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mos.dll
[2017/04/13 09:22:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcconf.dll
[2017/04/13 09:22:25 | 005,721,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\windows.storage.dll
[2017/04/13 09:22:24 | 003,307,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2017/04/13 09:22:24 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MbaeApiPublic.dll
[2017/04/13 09:22:24 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2017/04/13 09:22:24 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AboveLockAppHost.dll
[2017/04/13 09:22:18 | 002,138,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\InputService.dll
[2017/04/13 09:22:18 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Internal.Bluetooth.dll
[2017/04/13 09:22:13 | 018,364,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\edgehtml.dll
[2017/04/13 09:22:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2017/04/13 09:22:04 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2017/04/13 09:22:03 | 001,414,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdi32full.dll
[2017/04/13 09:22:03 | 000,576,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2017/04/13 09:22:03 | 000,545,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontdrvhost.exe
[2017/04/13 09:22:03 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmenrollengine.dll
[2017/04/13 09:22:03 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Geolocation.dll
[2017/04/13 09:22:03 | 000,315,744 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2017/04/13 09:22:03 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\enrollmentapi.dll
[2017/04/13 09:22:03 | 000,037,376 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2017/04/13 09:22:02 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_47.dll
[2017/04/13 09:22:02 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Internal.Management.dll
[2017/04/13 09:22:02 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DisplayManager.dll
[2017/04/13 09:22:01 | 001,564,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2017/04/13 09:22:01 | 000,901,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Bluetooth.dll
[2017/04/13 09:22:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.WiFiDirect.dll
[2017/04/13 09:22:01 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.LowLevel.dll
[2017/04/13 09:22:01 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Midi.dll
[2017/04/13 09:22:01 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Usb.dll
[2017/04/13 09:22:01 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.WiFi.dll
[2017/04/13 09:22:01 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Radios.dll
[2017/04/13 09:22:01 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dialclient.dll
[2017/04/13 09:22:01 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Lights.dll
[2017/04/13 09:22:00 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.PointOfService.dll
[2017/04/13 09:22:00 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.SmartCards.dll
[2017/04/13 09:22:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CryptoWinRT.dll
[2017/04/13 09:22:00 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Picker.dll
[2017/04/13 09:22:00 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
[2017/04/13 09:22:00 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.SerialCommunication.dll
[2017/04/13 09:21:59 | 003,198,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdp.dll
[2017/04/13 09:21:59 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinTypes.dll
[2017/04/13 09:21:59 | 000,746,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msdtcprx.dll
[2017/04/13 09:21:59 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CredProvDataModel.dll
[2017/04/13 09:21:59 | 000,034,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CompPkgSup.dll
[2017/04/13 09:21:58 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.AllJoyn.dll
[2017/04/13 09:21:58 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppXDeploymentClient.dll
[2017/04/13 09:21:58 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2017/04/13 09:21:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2017/04/13 09:21:57 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.AccountsControl.dll
[2017/04/13 09:21:56 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ShareHost.dll
[2017/04/13 09:21:56 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CoreMessaging.dll
[2017/04/13 09:21:56 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\deviceaccess.dll
[2017/04/13 09:21:56 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dlnashext.dll
[2017/04/13 09:21:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017/04/13 09:21:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserMgrProxy.dll
[2017/04/13 09:21:56 | 000,136,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CloudExperienceHostUser.dll
[2017/04/13 09:21:56 | 000,116,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CloudExperienceHostCommon.dll
[2017/04/13 09:21:55 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bcastdvr.exe
[2017/04/13 09:21:55 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ErrorDetails.dll
[2017/04/13 09:08:39 | 000,975,872 | ---- | C] (Microsoft Corporation) -- C:\windows\HelpPane.exe
[2017/04/05 15:09:34 | 001,456,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2017/04/05 15:09:28 | 002,458,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\themecpl.dll
[2017/04/05 15:09:28 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usercpl.dll
[2017/04/05 15:09:28 | 000,965,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2017/04/05 15:09:28 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserLanguagesCpl.dll
[2017/04/05 15:09:28 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanui.dll
[2017/04/05 15:09:28 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\input.dll
[2017/04/05 15:09:28 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscandui.dll
[2017/04/05 15:09:27 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sud.dll
[2017/04/05 15:09:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msutb.dll
[2017/04/05 15:09:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scksp.dll
[2017/04/05 15:09:27 | 000,173,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\basecsp.dll
[2017/04/05 15:09:27 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msctfui.dll
[2017/04/05 15:09:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msctfp.dll
[2017/04/05 15:09:26 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2017/04/05 15:09:23 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rasgcw.dll
[2017/04/05 15:09:23 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mprddm.dll
[2017/04/05 15:09:23 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PhotoScreensaver.scr
[2017/04/05 15:09:19 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\main.cpl
[2017/04/05 15:09:18 | 001,543,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe
[2017/04/05 15:09:18 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.Search.dll
[2017/04/05 15:09:09 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\hgcpl.dll
[2017/04/05 15:09:08 | 000,570,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clusapi.dll
[2017/04/05 15:09:08 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2017/04/05 15:09:08 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\resutils.dll
[2017/04/05 15:09:05 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msdtcuiu.dll
[2017/04/05 15:09:04 | 001,320,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comsvcs.dll
[2017/04/05 15:09:04 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mtxclu.dll
[2017/04/05 15:09:04 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BrowserSettingSync.dll
[2017/04/05 15:09:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PCPTpm12.dll
[2017/04/05 15:09:02 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\appwiz.cpl
[2017/04/05 15:09:02 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\azroleui.dll
[2017/04/05 15:09:00 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2017/04/05 15:08:59 | 002,643,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2017/04/05 15:08:59 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2017/04/05 15:08:59 | 000,714,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2017/04/05 15:08:59 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Search.ProtocolHandler.MAPI2.dll
[2017/04/05 15:08:58 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlidprov.dll
[2017/04/05 15:08:58 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2017/04/05 15:08:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssitlb.dll
[2017/04/05 15:08:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Gaming.UI.GameBar.dll
[2017/04/05 15:08:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XInputUap.dll
[2017/04/05 15:08:57 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2017/04/05 15:08:56 | 001,969,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\hevcdecoder.dll
[2017/04/05 15:08:52 | 002,748,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mispace.dll
[2017/04/05 15:08:52 | 001,323,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsp_fs.dll
[2017/04/05 15:08:52 | 001,137,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsp_health.dll
[2017/04/05 15:08:52 | 000,719,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsp_sr.dll
[2017/04/05 15:08:52 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVSENCD.DLL
[2017/04/05 15:08:51 | 004,557,824 | ---- | C] (Microsoft) -- C:\windows\SysWow64\dbgeng.dll
[2017/04/05 15:08:51 | 001,557,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2017/04/05 15:08:51 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Immersive.dll
[2017/04/05 15:08:51 | 001,293,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPDMC.exe
[2017/04/05 15:08:51 | 000,781,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWAHost.exe
[2017/04/05 15:08:47 | 001,362,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmpmde.dll
[2017/04/05 15:08:46 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wcnwiz.dll
[2017/04/05 15:08:46 | 001,154,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Pimstore.dll
[2017/04/05 15:08:46 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2017/04/05 15:08:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserDeviceRegistration.Ngc.dll
[2017/04/05 15:08:45 | 003,478,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIRibbon.dll
[2017/04/05 15:08:45 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Search.dll
[2017/04/05 15:08:45 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cemapi.dll
[2017/04/05 15:08:45 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Shell.Search.UriHandler.dll
[2017/04/05 15:08:44 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Unistore.dll
[2017/04/05 15:08:44 | 000,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EmailApis.dll
[2017/04/05 15:08:44 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ContactApis.dll
[2017/04/05 15:08:44 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppointmentApis.dll
[2017/04/05 15:08:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ChatApis.dll
[2017/04/05 15:08:44 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VCardParser.dll
[2017/04/05 15:08:43 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2017/04/05 15:08:43 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TpmCoreProvisioning.dll
[2017/04/05 15:08:43 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.dll
[2017/04/05 15:08:43 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpipcfg.dll
[2017/04/05 15:08:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netiohlp.dll
[2017/04/05 15:08:43 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LaunchWinApp.exe
[2017/04/05 15:08:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netiougc.exe
[2017/04/05 15:08:41 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\storagewmi.dll
[2017/04/05 15:08:41 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2017/04/05 15:08:40 | 000,549,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll
[2017/04/05 15:08:40 | 000,493,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncHost.exe
[2017/04/05 15:08:39 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\OneDriveSettingSyncProvider.dll
[2017/04/05 15:08:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tbauth.dll
[2017/04/05 15:08:39 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBrokerCookies.exe
[2017/04/05 15:08:38 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Chakradiag.dll
[2017/04/05 15:08:38 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2017/04/05 15:08:37 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iprtrmgr.dll
[2017/04/05 15:08:35 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2017/04/05 15:08:34 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2017/04/05 15:08:34 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PrintDialogs.dll
[2017/04/05 15:08:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ProximityCommon.dll
[2017/04/05 15:08:33 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\puiobj.dll
[2017/04/05 15:08:33 | 000,313,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanapi.dll
[2017/04/05 15:08:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\puiapi.dll
[2017/04/05 15:08:33 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DafPrintProvider.dll
[2017/04/05 15:08:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\findnetprinters.dll
[2017/04/05 15:08:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfdprov.dll
[2017/04/05 15:08:32 | 008,886,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\OneDriveSetup.exe
[2017/04/05 15:08:27 | 001,299,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVPXENC.dll
[2017/04/05 15:08:27 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVP9DEC.dll
[2017/04/05 15:08:26 | 002,740,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2017/04/05 15:08:26 | 002,206,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2017/04/05 15:08:26 | 001,123,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfplat.dll
[2017/04/05 15:08:26 | 000,374,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFPlay.dll
[2017/04/05 15:08:25 | 000,976,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfds.dll
[2017/04/05 15:08:25 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmkvsrcsnk.dll
[2017/04/05 15:08:24 | 012,349,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2017/04/05 15:08:24 | 000,952,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsvr.dll
[2017/04/05 15:08:24 | 000,530,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2017/04/05 15:08:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MCCSEngineShared.dll
[2017/04/05 15:08:23 | 002,363,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MapRouter.dll
[2017/04/05 15:08:23 | 002,109,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MapGeocoder.dll
[2017/04/05 15:08:23 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DavSyncProvider.dll
[2017/04/05 15:08:23 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MapConfiguration.dll
[2017/04/05 15:08:23 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\accountaccessor.dll
[2017/04/05 15:08:22 | 005,380,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BingMaps.dll
[2017/04/05 15:08:21 | 001,709,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ActiveSyncProvider.dll
[2017/04/05 15:08:21 | 001,357,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSPhotography.dll
[2017/04/05 15:08:20 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LogonController.dll
[2017/04/05 15:08:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LockAppBroker.dll
[2017/04/05 15:08:20 | 000,321,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LockAppHost.exe
[2017/04/05 15:08:17 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TextInputFramework.dll
[2017/04/05 15:08:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Core.TextInput.dll
[2017/04/05 15:08:14 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\indexeddbserver.dll
[2017/04/05 15:08:06 | 000,753,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\imapi2fs.dll
[2017/04/05 15:08:05 | 004,312,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2017/04/05 15:08:05 | 002,484,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2017/04/05 15:08:05 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontext.dll
[2017/04/05 15:08:05 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\uReFS.dll
[2017/04/05 15:08:04 | 004,423,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2017/04/05 15:08:04 | 000,640,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\evr.dll
[2017/04/05 15:08:03 | 002,277,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2017/04/05 15:08:02 | 013,873,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2017/04/05 15:08:02 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Resources.dll
[2017/04/05 15:08:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2017/04/05 15:08:00 | 001,993,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2017/04/05 15:08:00 | 000,248,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\policymanager.dll
[2017/04/05 15:07:58 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CloudBackupSettings.dll
[2017/04/05 15:07:58 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CameraCaptureUI.dll
[2017/04/05 15:07:55 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\daxexec.dll
[2017/04/05 15:07:55 | 000,192,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aepic.dll
[2017/04/05 15:07:54 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BcastDVRHelper.dll
[2017/04/05 14:53:20 | 004,674,360 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/04/21 12:53:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\panda\Desktop\OTL.exe
[2017/04/21 11:53:46 | 000,000,010 | ---- | M] () -- C:\Users\panda\AppData\Local\sponge.last.runtime.cache
[2017/04/21 11:49:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2017/04/21 09:02:58 | 572,349,253 | ---- | M] () -- C:\windows\MEMORY.DMP
[2017/04/21 09:02:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/04/21 09:02:57 | 1489,444,864 | -HS- | M] () -- C:\hiberfil.sys
[2017/04/19 22:51:05 | 000,000,364 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForpanda.job
[2017/04/19 14:39:08 | 000,000,214 | ---- | M] () -- C:\windows\tasks\CreateExplorerShellUnelevatedTask.job
[2017/04/19 13:30:13 | 004,089,296 | ---- | M] () -- C:\Users\panda\Desktop\AdwCleaner.exe
[2017/04/19 13:28:13 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/04/19 13:27:27 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\panda\Desktop\mbam-setup-1.75.0.1300.exe
[2017/04/18 14:03:02 | 002,796,186 | ---- | M] () -- C:\Users\panda\Desktop\geek.zip
[2017/04/18 13:49:36 | 000,000,017 | ---- | M] () -- C:\Users\panda\AppData\Local\resmon.resmoncfg
[2017/04/17 12:40:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\panda\Desktop\HijackThis.exe
[2017/04/02 03:52:38 | 000,835,576 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2017/04/02 03:52:38 | 000,177,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/03/28 16:10:28 | 000,315,744 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2017/03/28 15:21:27 | 000,167,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2017/03/28 15:20:43 | 002,717,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PrintConfig.dll
[2017/03/28 15:15:53 | 002,048,496 | ---- | M] () -- C:\windows\SysWow64\CoreUIComponents.dll
[2017/03/28 15:07:35 | 000,263,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.ApplicationData.dll
[2017/03/28 15:04:58 | 001,431,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2017/03/28 15:04:53 | 000,136,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CloudExperienceHostUser.dll
[2017/03/28 15:04:39 | 000,116,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CloudExperienceHostCommon.dll
[2017/03/28 15:04:38 | 005,721,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\windows.storage.dll
[2017/03/28 15:04:32 | 000,975,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.appcore.dll
[2017/03/28 15:04:31 | 000,861,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\LicenseManager.dll
[2017/03/28 15:02:55 | 000,576,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2017/03/28 15:02:01 | 000,846,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WinTypes.dll
[2017/03/28 14:59:11 | 006,667,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2017/03/28 14:59:01 | 004,023,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2017/03/28 14:58:59 | 001,851,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2017/03/28 14:58:53 | 001,360,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll
[2017/03/28 14:58:53 | 001,344,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfsrcsnk.dll
[2017/03/28 14:58:53 | 000,981,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2017/03/28 14:58:52 | 001,277,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2017/03/28 14:58:50 | 001,202,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll
[2017/03/28 14:53:54 | 001,414,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdi32full.dll
[2017/03/28 14:53:54 | 000,545,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\fontdrvhost.exe
[2017/03/28 14:52:00 | 000,306,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.MediaControl.dll
[2017/03/28 14:48:07 | 005,685,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Data.Pdf.dll
[2017/03/28 14:42:28 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UserDataTimeUtil.dll
[2017/03/28 14:42:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\usoapi.dll
[2017/03/28 14:41:51 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\odbcconf.dll
[2017/03/28 14:40:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XblAuthManagerProxy.dll
[2017/03/28 14:40:53 | 000,037,376 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2017/03/28 14:40:19 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ExSMime.dll
[2017/03/28 14:39:48 | 000,141,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Radios.dll
[2017/03/28 14:39:17 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBrokerUI.dll
[2017/03/28 14:38:37 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2017/03/28 14:38:36 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XblAuthTokenBrokerExt.dll
[2017/03/28 14:38:17 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UIRibbonRes.dll
[2017/03/28 14:38:05 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UserDeviceRegistration.dll
[2017/03/28 14:37:58 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\DisplayManager.dll
[2017/03/28 14:37:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.Diagnostics.dll
[2017/03/28 14:37:46 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.HostName.dll
[2017/03/28 14:37:29 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apds.dll
[2017/03/28 14:37:29 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.System.SystemManagement.dll
[2017/03/28 14:37:19 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\unimdm.tsp
[2017/03/28 14:36:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WinRtTracing.dll
[2017/03/28 14:36:42 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.StateRepositoryClient.dll
[2017/03/28 14:36:38 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2017/03/28 14:36:34 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.SerialCommunication.dll
[2017/03/28 14:36:33 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.System.UserDeviceAssociation.dll
[2017/03/28 14:36:06 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ipsecsnp.dll
[2017/03/28 14:35:53 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.WiFi.dll
[2017/03/28 14:35:48 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
[2017/03/28 14:35:31 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\bcastdvr.exe
[2017/03/28 14:35:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UserMgrProxy.dll
[2017/03/28 14:35:19 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Gaming.Input.dll
[2017/03/28 14:35:17 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Lights.dll
[2017/03/28 14:35:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017/03/28 14:35:11 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AppointmentActivation.dll
[2017/03/28 14:35:09 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Gaming.XboxLive.Storage.dll
[2017/03/28 14:35:03 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\InstallAgent.exe
[2017/03/28 14:35:02 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.LowLevel.dll
[2017/03/28 14:34:43 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UserDataAccountApis.dll
[2017/03/28 14:34:32 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SyncSettings.dll
[2017/03/28 14:34:07 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Core.dll
[2017/03/28 14:34:01 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AuthBroker.dll
[2017/03/28 14:33:59 | 000,557,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\StoreAgent.dll
[2017/03/28 14:33:51 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ipsmsnap.dll
[2017/03/28 14:33:49 | 000,265,728 | ---- | M] () -- C:\windows\SysWow64\Windows.Perception.Stub.dll
[2017/03/28 14:33:06 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.AllJoyn.dll
[2017/03/28 14:33:02 | 000,670,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.PointOfService.dll
[2017/03/28 14:33:02 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Import.dll
[2017/03/28 14:32:49 | 001,243,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.FaceAnalysis.dll
[2017/03/28 14:32:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\InstallAgentUserBroker.exe
[2017/03/28 14:32:45 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieproxy.dll
[2017/03/28 14:32:40 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.Identity.Provider.dll
[2017/03/28 14:32:37 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Wallet.dll
[2017/03/28 14:32:37 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.WiFiDirect.dll
[2017/03/28 14:32:37 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
[2017/03/28 14:32:32 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Internal.Management.dll
[2017/03/28 14:32:28 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WwaApi.dll
[2017/03/28 14:32:27 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Internal.Bluetooth.dll
[2017/03/28 14:32:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\deviceaccess.dll
[2017/03/28 14:32:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\vaultcli.dll
[2017/03/28 14:32:17 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.SmartCards.dll
[2017/03/28 14:32:14 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2017/03/28 14:32:07 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Scanners.dll
[2017/03/28 14:32:03 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2017/03/28 14:31:51 | 000,431,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\efswrt.dll
[2017/03/28 14:31:51 | 000,390,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CredProvDataModel.dll
[2017/03/28 14:31:43 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2017/03/28 14:31:06 | 000,711,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2017/03/28 14:30:59 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Picker.dll
[2017/03/28 14:30:55 | 000,819,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AppContracts.dll
[2017/03/28 14:30:24 | 000,787,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll
[2017/03/28 14:30:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll
[2017/03/28 14:30:02 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\updatepolicy.dll
[2017/03/28 14:29:44 | 000,747,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Ocr.dll
[2017/03/28 14:29:37 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Usb.dll
[2017/03/28 14:29:29 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.dll
[2017/03/28 14:29:08 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AboveLockAppHost.dll
[2017/03/28 14:28:43 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Graphics.Printing.dll
[2017/03/28 14:28:18 | 000,661,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WpcWebFilter.dll
[2017/03/28 14:28:04 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2017/03/28 14:27:43 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CryptoWinRT.dll
[2017/03/28 14:26:51 | 001,534,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Graphics.Printing.3D.dll
[2017/03/28 14:26:36 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.InkControls.dll
[2017/03/28 14:26:01 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AppXDeploymentClient.dll
[2017/03/28 14:25:59 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.AccountsControl.dll
[2017/03/28 14:25:54 | 001,196,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wscui.cpl
[2017/03/28 14:25:41 | 018,364,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\edgehtml.dll
[2017/03/28 14:24:50 | 006,474,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mspaint.exe
[2017/03/28 14:24:36 | 000,675,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2017/03/28 14:24:33 | 004,614,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2017/03/28 14:24:15 | 000,901,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Bluetooth.dll
[2017/03/28 14:23:58 | 003,733,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_47.dll
[2017/03/28 14:23:44 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\dmenrollengine.dll
[2017/03/28 14:23:28 | 000,886,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\aadtb.dll
[2017/03/28 14:23:15 | 000,589,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Sensors.dll
[2017/03/28 14:22:43 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\enrollmentapi.dll
[2017/03/28 14:22:22 | 000,516,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wlidcli.dll
[2017/03/28 14:22:03 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RTMediaFrame.dll
[2017/03/28 14:21:45 | 001,077,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Editing.dll
[2017/03/28 14:20:56 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfmjpegdec.dll
[2017/03/28 14:20:14 | 003,307,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2017/03/28 14:20:07 | 000,795,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MiracastReceiver.dll
[2017/03/28 14:19:56 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToDevice.dll
[2017/03/28 14:19:47 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll
[2017/03/28 14:19:42 | 000,746,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msdtcprx.dll
[2017/03/28 14:19:39 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\dlnashext.dll
[2017/03/28 14:19:18 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\dialclient.dll
[2017/03/28 14:18:23 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\AzureSettingSyncProvider.dll
[2017/03/28 14:17:47 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Streaming.dll
[2017/03/28 14:17:38 | 006,109,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mos.dll
[2017/03/28 14:17:06 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToReceiver.dll
[2017/03/28 14:16:38 | 003,198,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\cdp.dll
[2017/03/28 14:16:36 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ErrorDetails.dll
[2017/03/28 14:16:07 | 001,221,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Audio.dll
[2017/03/28 14:15:30 | 001,247,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2017/03/28 14:14:56 | 000,641,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MCRecvSrc.dll
[2017/03/28 14:14:49 | 003,520,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\xpsrchvw.exe
[2017/03/28 14:14:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Devices.dll
[2017/03/28 14:14:29 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PlayToManager.dll
[2017/03/28 14:14:22 | 007,468,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2017/03/28 14:14:20 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Geolocation.dll
[2017/03/28 14:14:05 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\windows\HelpPane.exe
[2017/03/28 14:13:53 | 001,232,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Maps.dll
[2017/03/28 14:13:49 | 002,138,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\InputService.dll
[2017/03/28 14:13:39 | 006,045,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Chakra.dll
[2017/03/28 14:13:22 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Speech.dll
[2017/03/28 14:13:08 | 001,656,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Perception.dll
[2017/03/28 14:12:48 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Input.Inking.dll
[2017/03/28 14:12:42 | 000,827,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.appcore.dll
[2017/03/28 14:12:22 | 000,691,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBroker.dll
[2017/03/28 14:12:22 | 000,598,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.dll
[2017/03/28 14:12:21 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\netshell.dll
[2017/03/28 14:12:20 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ShareHost.dll
[2017/03/28 14:12:17 | 000,620,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.dll
[2017/03/28 14:12:16 | 001,013,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Web.Http.dll
[2017/03/28 14:12:07 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2017/03/28 14:12:07 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MbaeApiPublic.dll
[2017/03/28 14:12:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Devices.Midi.dll
[2017/03/28 14:12:02 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2017/03/28 14:12:01 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2017/03/28 14:12:01 | 000,862,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncCore.dll
[2017/03/28 14:11:47 | 002,646,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CertEnroll.dll
[2017/03/28 14:11:40 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Phone.dll
[2017/03/28 14:11:22 | 002,994,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\win32kfull.sys
[2017/03/28 14:11:08 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2017/03/28 14:09:31 | 003,106,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2017/03/28 14:08:52 | 001,564,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2017/03/28 14:08:16 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\TSWorkspace.dll
[2017/03/28 14:08:11 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RADCUI.dll
[2017/03/28 13:48:06 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\CoreMessaging.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/04/19 14:13:17 | 000,000,214 | ---- | C] () -- C:\windows\tasks\CreateExplorerShellUnelevatedTask.job
[2017/04/19 13:28:13 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/04/19 13:14:10 | 004,089,296 | ---- | C] () -- C:\Users\panda\Desktop\AdwCleaner.exe
[2017/04/18 14:03:01 | 002,796,186 | ---- | C] () -- C:\Users\panda\Desktop\geek.zip
[2017/04/18 13:49:36 | 000,000,017 | ---- | C] () -- C:\Users\panda\AppData\Local\resmon.resmoncfg
[2017/04/17 12:29:34 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk
[2017/04/13 09:22:35 | 000,265,728 | ---- | C] () -- C:\windows\SysWow64\Windows.Perception.Stub.dll
[2017/04/13 09:21:59 | 002,048,496 | ---- | C] () -- C:\windows\SysWow64\CoreUIComponents.dll
[2017/04/05 15:08:53 | 000,019,968 | ---- | C] () -- C:\windows\SysWow64\GamePanelExternalHook.dll
[2017/02/03 16:08:48 | 000,000,010 | ---- | C] () -- C:\Users\panda\AppData\Local\sponge.last.runtime.cache
[2017/02/03 14:52:51 | 000,000,036 | ---- | C] () -- C:\Users\panda\AppData\Local\housecall.guid.cache
[2016/12/26 11:07:10 | 000,269,600 | ---- | C] () -- C:\windows\SysWow64\vulkan-1.dll
[2016/12/26 11:07:10 | 000,110,880 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo.exe
[2016/12/26 11:07:02 | 000,001,375 | ---- | C] () -- C:\windows\SysWow64\tbaseprovisioning.exe.config
[2016/12/26 11:07:01 | 000,248,736 | ---- | C] () -- C:\windows\SysWow64\GameManager32.dll
[2016/12/26 11:07:01 | 000,242,080 | ---- | C] () -- C:\windows\SysWow64\hsa-thunk.dll
[2016/12/26 11:06:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2016/12/26 11:06:58 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2016/12/26 11:06:55 | 000,216,992 | ---- | C] () -- C:\windows\SysWow64\atieah32.exe
[2016/12/26 11:06:51 | 000,229,792 | ---- | C] () -- C:\windows\SysWow64\amdgfxinfo32.dll
[2016/09/10 03:25:58 | 000,269,600 | ---- | C] () -- C:\windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/10 03:25:28 | 000,110,880 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016/07/29 21:38:31 | 000,952,104 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2016/07/29 21:32:23 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2016/07/16 20:47:57 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2016/07/16 20:47:57 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2016/07/16 20:43:04 | 000,055,296 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2016/07/16 20:42:55 | 000,167,640 | ---- | C] () -- C:\windows\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 20:42:53 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2016/07/16 20:42:49 | 000,304,640 | ---- | C] () -- C:\windows\SysWow64\HrtfApo.dll
[2016/07/16 20:42:48 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2016/07/16 20:42:43 | 000,002,307 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2016/07/16 20:42:12 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2016/10/22 04:27:07 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017/03/28 15:10:41 | 007,220,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017/03/28 15:04:38 | 005,721,808 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 20:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 20:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 20:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2016/12/26 11:01:59 | 000,000,000 | -H-D | M] -- C:\hp
[2017/04/19 22:52:22 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp
[2017/04/19 13:28:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/02/01 11:27:25 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2017/04/19 22:52:22 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-3673358526-2580756353-2659711011-1001
[2017/04/17 12:29:32 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2016/12/26 11:06:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2017/04/21 09:12:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2016/12/26 11:13:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel\WiFi\bin\WLANProfiles
[2017/04/17 12:26:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2016/12/26 11:24:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\PowerDVD.exe
[2016/12/26 11:24:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2017/04/17 12:26:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\14.0\Boomerang
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\Intel\Wireless\Settings
[2016/12/26 11:13:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Intel\Wireless\WLANProfiles
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2017/03/12 23:29:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\RetailDemo
[2016/07/29 21:33:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\DMProfiles
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\Roaming\Intel\Wireless\Settings
[2016/12/26 12:34:30 | 000,000,000 | -H-D | M] -- C:\Recovery\OEM\RM_RESERVE\system.sav
[2016/10/22 11:43:28 | 000,000,000 | -H-D | M] -- C:\SWSETUP\APP\Applications\HP\HPPCHardw_LL6EB2\6.2.1.0\src\system.sav
[2017/02/01 11:27:24 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV\Util
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2017-02-03-06-06-28
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2017-02-03-06-06-28
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44
[2017/02/03 15:06:28 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44\2017-02-03-06-06-28
[2017/01/31 04:52:38 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2017/04/17 12:26:34 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2016/12/26 11:24:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\PowerDVD.exe
[2016/12/26 11:24:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2017/04/17 12:26:34 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\14.0\Boomerang
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Intel\Wireless\Settings
[2016/12/26 11:13:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Intel\Wireless\WLANProfiles
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2017/03/12 23:29:14 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\RetailDemo
[2016/07/29 21:33:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Roaming\Intel\Wireless\Settings
[2016/07/16 20:47:48 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\Default\Documents\hp.applications.package.appdata
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\Default\Documents\hp.system.package.metadata
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\Default\Roaming\Intel\Wireless\Settings
[2017/01/31 04:54:25 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData
[2017/02/01 11:17:07 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData\Roaming\Intel\Wireless\Settings
[2017/02/01 11:17:07 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData\Roaming\Intel\Wireless\WLANProfiles
[2017/02/01 11:17:23 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\Documents\hp.applications.package.appdata
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\Documents\hp.system.package.metadata
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\Roaming\Intel\Wireless\Settings
[2017/02/01 11:22:57 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData
[2017/02/03 15:32:20 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/02/01 11:28:42 | 000,000,000 | RH-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/02/03 15:31:50 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2017/02/01 11:27:21 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2017/02/01 11:27:21 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2017/02/01 11:27:21 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2017/04/21 12:41:46 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\Content.MSO
[2017/04/21 12:41:44 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\Content.Word.79C95927-F320-4CC2-8D3B-0C79B136D859
[2017/02/01 11:27:11 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Roaming\Intel\Wireless\Settings
[2017/02/01 11:27:11 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Roaming\Intel\Wireless\WLANProfiles
[2017/02/03 15:03:09 | 000,000,000 | -H-D | M] -- C:\Users\panda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\panda\Documents\hp.applications.package.appdata
[2016/10/22 04:28:40 | 000,000,000 | -H-D | M] -- C:\Users\panda\Documents\hp.system.package.metadata
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\panda\Roaming\Intel\Wireless\Settings
[2017/04/13 16:17:14 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2017/04/19 13:28:13 | 000,000,000 | -H-D | M] -- C:\Users\Public\Desktop
[2016/07/16 20:47:50 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2016/12/26 11:13:10 | 000,000,000 | -H-D | M] -- C:\Users\Public\Roaming\Intel\Wireless\Settings
[2017/02/03 15:01:55 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2017/02/07 16:42:59 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2017/02/01 11:32:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2016/12/26 11:13:29 | 000,000,000 | -H-D | M] -- C:\windows\SysNative\WLANProfiles

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2017/04/19 14:39:08 | 000,000,214 | ---- | M] () -- C:\windows\tasks\CreateExplorerShellUnelevatedTask.job
[2017/02/03 14:16:12 | 000,000,722 | ---- | M] () -- C:\windows\tasks\DropboxUpdateTaskMachineCore.job
[2017/02/03 14:16:12 | 000,000,726 | ---- | M] () -- C:\windows\tasks\DropboxUpdateTaskMachineUA.job
[2017/04/19 22:51:05 | 000,000,364 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForpanda.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HGST HTS545050A7E680
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 450.00GB
Starting Offset: 290455552
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 980.00MB
Starting Offset: 483483713536
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 484511318016
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
No service found with a name of AeLookupSvc
No service found with a name of Appinfo
No service found with a name of ALG
No service found with a name of BITS
No service found with a name of BFE
SRV - [2016/07/16 20:42:55 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV - [2016/07/16 20:42:46 | 000,347,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
No service found with a name of Browser
No service found with a name of CryptSvc
No service found with a name of DcomLaunch
SRV - [2016/07/16 20:42:55 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
No service found with a name of Dnscache
No service found with a name of EapHost
SRV - [2016/07/16 20:42:46 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
No service found with a name of PolicyAgent
No service found with a name of MsMpSvc
No service found with a name of NisSrv
No service found with a name of swprv
No service found with a name of MMCSS
No service found with a name of Netman
No service found with a name of netprofm
No service found with a name of NlaSvc
No service found with a name of nsi
No service found with a name of PlugPlay
No service found with a name of Spooler
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
No service found with a name of RasAuto
No service found with a name of RasMan
No service found with a name of RpcSs
No service found with a name of seclogon
No service found with a name of SamSs
No service found with a name of wscsvc
No service found with a name of LanmanServer
SRV - [2016/07/16 20:43:04 | 000,566,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
No service found with a name of Schedule
SRV - [2016/07/16 20:43:02 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
No service found with a name of Themes
No service found with a name of ProfSvc
No service found with a name of VSS
No service found with a name of AudioSrv
No service found with a name of AudioEndpointBuilder
No service found with a name of SDRSVC
No service found with a name of WinDefend
No service found with a name of EventLog
No service found with a name of MpsSvc
No service found with a name of stisvc
SRV - [2016/07/16 20:42:45 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
No service found with a name of Winmgmt
No service found with a name of wuauserv
No service found with a name of dot3svc
No service found with a name of Wlansvc
No service found with a name of LanmanWorkstation

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

よろしくお願いします。

先ほどPCがスリープ状態から復帰した際に、パスワード入力より先に
「C:￥のごみ箱が壊れています。このごみ箱を空にしますか」
というダイアログが表示されました。
デスクトップのごみ箱は空だったのでいいえを選択しました。
これは何かの兆候なのか、それとも今までの私のPC操作で何かマズい事があったせいでしょうか?

作業と報告、ご苦労様です。

>「C:￥のごみ箱が壊れています。このごみ箱を空にしますか」
>というダイアログが表示されました。

はい、その件なら下記サイト様の説明をサンショウウオ↓
http://jisaku-pc.net/hddnavi/gomi.html

つまりバグったゴミ箱を一旦削除して新たなゴミ箱を作成することで正常に戻るわけですね。
この手順で掃除をしてみてください。

ですがこれでも修正できないときはまた次回レスでそのことを教えてください。

さて肝心のOTLスキャンログも見せてもらいましたが、メインのOTL.txtログはそれでいいですがもうひとつのExtra.txtログは出ませんでしたか？
一応そのログも検索して、見つかればそのログ内容も追加で見せてください。
探しても見つからないときはそのことだけ教えてくれればいいです

こんばんは。
参照ありがとうございます。新しいごみ箱できました。その後はダイアログは出てきません。

Extra.txtログありました。貼り忘れすいません。

OTL Extras logfile created on: 2017/04/21 12:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\panda\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.47 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 57.45% Memory free
5.72 Gb Paging File | 3.25 Gb Available in Paging File | 56.85% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.01 Gb Total Space | 410.46 Gb Free Space | 91.21% Space Free | Partition Type: NTFS
Drive D: | 14.52 Gb Total Space | 1.73 Gb Free Space | 11.93% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-5RUSGJES | User Name: panda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{181360EA-584E-4F27-B872-13614D6F9BF1}" = lport=5353 | protocol=17 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitum.exe |
"{7770647A-63DB-42AE-942E-D2FAABF066E5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004CCA5C-2A06-43BC-9B44-8AA003875B3B}" = dir=in | name=@{microsoft.windowsstore_11701.1001.99.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{01D7A23C-91C0-4286-8987-74CD8743A305}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.187_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{04E9D1C4-F6C4-4465-9714-238589978E43}" = dir=out | name=hp jumpstart |
"{077BC66D-E6F3-46D4-B1C8-2E9A3B42AD42}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{0AF7F025-DECC-43F3-80EB-0F194F21BCA9}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{0CEE19DA-E977-4098-BE44-521AD4034645}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DDC2A42-D352-4CB3-9573-CAFF7B878155}" = dir=out | name=@{microsoft.3dbuilder_14.0.1031.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{0E45F75B-3C53-4E51-94ED-E3FC02DEF2B9}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{11464FC2-6ED8-4172-9785-8FC0EDE021BC}" = dir=out | name=microsoft solitaire collection |
"{1315EAEF-8E5A-4E6E-8C74-159F517965EF}" = dir=out | name=microsoft sticky notes |
"{13243327-040F-4376-A286-FE095CB23277}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{16A69F3B-BC82-466E-87EC-D0AD7C4D1EDF}" = dir=in | name=@{microsoft.microsoftofficehub_17.8107.7600.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{1777F26E-C723-4141-98FC-EB514A32904C}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{183516D1-20E6-4A9D-AC73-C2D28615D73E}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1703.971.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{18CC59DD-4F23-4C12-B9FE-A54091910A5C}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{1B3AA855-D2A7-445D-B44B-E40A26DC4A21}" = dir=in | name=@{microsoft.bingnews_4.20.951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{1C8CDA66-10B8-4D59-944F-C3D26E236944}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{1CD63F61-3592-4CCD-B2B4-BBBF85859E54}" = dir=in | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{1D156AB8-DDDB-4B75-B10F-8D094E729ABC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20370CA2-1C85-4A79-81C8-6304B0401454}" = dir=in | name=@{microsoft.zunevideo_10.17022.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{20D3A7E3-CCD6-45D0-8D99-CA5AC74EAE13}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{21D5406E-5711-4B2A-971B-F0F670EDE41B}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{25EE78D5-60F4-45AB-A2B1-84E166039B44}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1703.971.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{2976DFE4-78B6-477B-BA5A-569EDF38443A}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{36C02D7D-86E5-411C-ADCB-F697C7E9E04F}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{3A221488-47CE-49B3-8B1E-5A9FC0FE9156}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C2FD6A6-50DF-4C6F-8F66-52D371593BC7}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{3EAC91DC-3DE4-469D-9EEE-7C0367FA3CEA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3F3E2B43-5998-416E-94D8-DC261D73ACDC}" = dir=out | name=@{microsoft.getstarted_5.0.13.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{3F4A9974-5F6B-41E3-9470-7729CD999D4C}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{3F697C5A-81FB-424B-96A4-D1D515A8D2E2}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{405B9542-E6C0-421D-A645-B78A9A7B927D}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{40EC065E-C692-4575-A27C-ACA48FD56F57}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{4151C042-D10E-437F-B86D-4CEA84796EF3}" = dir=out | name=@{microsoft.windowsmaps_5.1703.762.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{46D6B911-25B9-4EC2-AAAD-B4EE31E81B07}" = dir=out | name=@{microsoft.bingnews_4.20.951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{479E07EA-1147-460F-B182-2E5344663FA7}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{48B1BA36-C932-4099-AD9F-BEE18B1D3BD1}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{4AF4CAE4-9D42-4E98-82BD-9EB73A1A723F}" = dir=out | name=store purchase app |
"{4C33250E-42E8-4586-BAD4-C7F2B81BC751}" = dir=in | name=microsoft solitaire collection |
"{4C9D8294-5C53-4415-986E-0800A4D6A8B6}" = dir=in | name=@{microsoft.zunemusic_10.17022.10301.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{549A9A36-BE63-4F1D-B01A-EB7095D32140}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{550862ED-A6C9-4994-BAD8-8CB2DE8E2138}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{59320D8E-B14A-4022-B885-9CCE41A074D5}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{59EC150F-90FB-4AAF-870F-DD95AB6893F6}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{5BAD8C4A-0298-48BC-8498-E5DA584145FB}" = dir=out | name=windows_ie_ac_001 |
"{5C29D3B4-9C4B-47C1-8AB5-231A3D4C14E2}" = dir=in | name=line |
"{5DB4C1B5-C81A-47E7-8485-11A978620201}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{5DE57250-C70F-4522-A49A-390FCECDE79C}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{5E283C67-F356-41B3-807A-49D28987C8D3}" = dir=out | name=onenote |
"{5E584A9A-3D9A-4B91-AA46-D9DA89766BD4}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{5E72DE54-E868-462C-BF63-3CE7B1A5FF93}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{5ECEE040-84CD-4C8B-8914-ADD8F4C5A784}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{60F12ECE-1BEC-49F6-A82C-20C3DCC75B74}" = dir=out | name=@{microsoft.zunemusic_10.17022.10301.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6108A885-6826-4459-8E8F-60D1CFA87314}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{6113BAE9-9FC5-4701-BEAD-4AC1418D3EE3}" = dir=out | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{62709CAE-F331-4F46-86C8-5940A95F1CEB}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{650D3EFE-D66F-4F0D-AAD3-9FD63F55950D}" = dir=in | app=c:\program files\cyberlink\powerdirector14\pdr10.exe |
"{6B6F46B3-8CD0-4D51-8FE0-F2FB9D7C0B7F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd14\kernel\dms\clmsserverpdvd14.exe |
"{6B738E8F-14A8-4823-B96C-7E70FE1BABBB}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{6BC48AF0-12AE-407F-88CD-AAA4E90631B8}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{73C7F9C9-3C4E-475B-8315-7141F1F59BC7}" = dir=out | name=royal revolt 2 |
"{743C52EF-8405-48D7-9731-DA6C12621915}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{7593FDD9-D42E-40F5-BEEE-87394CD670A6}" = dir=in | name=hp jumpstart |
"{76BF63C3-E587-4493-9999-F822493F8660}" = dir=in | name=netflix |
"{7789521C-2F1C-40B7-ABA5-92130605D17C}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{77FB8156-F52C-4218-830D-E46263A64333}" = dir=out | name=netflix |
"{7BD85D1F-5E2E-4D8E-A93E-700C61F5AF1A}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{83F154C7-660E-41A3-9142-0D06928F3BF0}" = dir=in | name=royal revolt 2 |
"{85987AF4-F57B-4DFF-8D99-85A17281AACB}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{869C4A0D-AEDA-4423-B1B7-7DD2F6C3F6FE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{86E4CEAC-3348-408F-858B-50FCDCA3ACBA}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{882EEA10-B7EF-4698-9929-9A0B514EF725}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{8A0B05E8-4743-4B80-97F4-DE7491B20D24}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.187_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{8E269734-B2C6-4552-B521-FDA5F025EE4C}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{92CA088C-C498-4DCE-BF93-619DC65E6BEE}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{953C582D-ECAE-4E9A-8372-D7E53D0B301E}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.187_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{9DC569D1-DFFE-465E-A278-0128BD1683B3}" = dir=out | name=@{microsoft.windowsstore_11701.1001.99.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{9EA05042-73EB-4DBC-BC94-8E38865124A3}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{A48CE19B-BF8A-4ADB-BA5F-BC4B8815EA7D}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{A53E679A-3D12-48C4-BD3D-44D4F613A6B4}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{A5CF13D6-8B52-40AA-BD57-8B8FA3C4C5EF}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{A9902369-CB20-410C-868B-A764B49E3DED}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{AC99D2A3-EF86-49CD-B723-D9D2C605A3DD}" = dir=out | name=simple mahjong |
"{AD511A5E-7936-4ED9-BB25-B00AE692C70D}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{AF7E12E7-3971-41F9-BD32-AA2E5086E64C}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{B07614DF-9CA6-4E6F-85C7-5D00B683D059}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{B09EF392-3BCE-4548-8FEB-16E0E7981A58}" = dir=out | name=candy crush soda saga |
"{B2881622-1D38-484A-B894-36D2E12EF893}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd14\powerdvd14agent.exe |
"{B35ECDEA-3FB7-4631-BA3A-C203EC2C5454}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B5A5BD04-E296-4C91-9058-86DDA08FBE05}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{B5A93772-C755-4B7C-B131-CCCC718D945B}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{B6B0A212-2156-47D2-A05B-329B9D8D2535}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{B8556D13-812A-43C4-850F-4ED281CA13C9}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{B8A2D6E6-A5CE-4485-B78E-E29A1A55157C}" = dir=in | name=xbox |
"{B934B830-8470-440B-A117-3708AE8C1CC0}" = dir=in | name=@{microsoft.windows.photos_17.313.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{B9B81858-15F5-4551-B5B9-551A4C8DB855}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{BC92D9A0-670B-4B95-8191-2DFD47F98A3F}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{C14A39BB-1DDB-4632-8247-32BBC8DBAE3C}" = dir=in | name=@{microsoft.bingweather_4.20.951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{C18DDDF7-1814-42FD-AB9F-88B5C908044A}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{C4E3DD0E-24ED-4D3D-8796-7F7B9853A09F}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{C4FEC675-D9C9-48FD-A196-A06651D90AE8}" = dir=out | name=@{microsoft.microsoftofficehub_17.8107.7600.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{C68A9B55-B7B8-42ED-AD1B-69E4E1BE2BD6}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{C814374B-E7B0-478C-8A06-08FA9A50543E}" = dir=in | name=microsoft sticky notes |
"{CA532334-F162-4841-9F26-98F77565DB0D}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{CE481668-6202-4392-907C-245C7096D6A2}" = dir=out | name=@{microsoft.people_10.2.831.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{CFB82FF6-E1E5-43DD-A63B-F66D443AA3E9}" = protocol=58 | dir=in | app=system |
"{D0A10418-B42F-4E18-B51D-C5C5052475AC}" = dir=out | name=facebook |
"{D23C083B-F7E7-4F73-A8C6-494BC6D9A1E0}" = dir=out | name=xbox |
"{D294FA55-930E-4C47-8D7D-64B8B0266F42}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{D2E123F6-0BEB-4F21-A273-3A0B595A2225}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{D392921D-5D17-449A-BA85-E72F705AC57C}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{DA904608-3D5E-41EF-B3FB-3B4CFD47DA4F}" = dir=out | name=line |
"{DBEE9AAD-DFD5-4854-AF16-3C6CAC53C3B7}" = dir=in | name=onenote |
"{DD94B908-D52C-4C65-ADAB-485DEEF03A41}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{E0953929-EFE3-4170-B25F-99E7F1FB9DDD}" = dir=out | name=@{microsoft.windows.photos_17.313.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{E0F87E43-CAAF-475C-9C84-DCDB9792075E}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{E902E4C9-3A5D-4582-9F2C-A35E63D0BD44}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{E9C50316-C5D0-45F5-9CCA-1997291534A1}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{F1217A7A-5501-4395-BE53-E9FCB48DE3A8}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.1066_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{F2B2CF78-85A7-458A-9250-7516C2D12BDB}" = dir=out | name=@{microsoft.zunevideo_10.17022.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F31FC4C3-943B-4686-9378-BCD55BFBCD95}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{F7F46B13-5340-4DF2-9735-365885EF20F3}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{F99331E2-FEA2-458E-AA8E-ABCC9A29AAEB}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{F9DEBA4B-E746-418E-A334-DEACE1B41DEC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd14\movie\powerdvdmovie.exe |
"{FC858E79-695B-45CC-8B6C-6AA539BB70C1}" = dir=out | name=@{microsoft.bingweather_4.20.951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{FCBBBA4A-BBED-4CBE-8EF7-A97F17F76E38}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{FD4D38A6-7483-4F36-BD12-CF2944E80DCB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd14\powerdvd.exe |
"TCP Query User{08ED741A-D7B2-486D-A743-2479D7D44EEF}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=6 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe |
"UDP Query User{C521248A-1E55-4F1D-B42C-D03CC6F199E6}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=17 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ED1397-7E72-4F6E-A0F0-2994A0A13421}" = HP ePrint SW
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0867A88D-764F-366E-9E21-130DA8B472C3}" = Dropbox 25 GB
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{099DAD2B-56C5-4919-9F82-418C2A018CAE}" = HP Wireless Button Driver
"{0C5D69BD-B518-46DB-8471-506CD27F9478}" = HP Audio Switch
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506
"{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}" = HP System Event Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA59DB9-1994-4F17-B3DF-CF7D78C173E7}" = HP Support Solutions Framework
"{23daf363-3020-4059-b3ae-dc4ad39fed19}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
"{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}" = CyberLink Power Media Player 14
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
"{4430A5CC-0E77-4D1F-AE5B-1469BCF557C0}" = インテル(R) ワイヤレス Bluetooth(R)
"{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}" = HP ePrint SW
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{64228DFB-7450-49B7-935C-B97342CB6659}" = HP Customer Experience Enhancements
"{6468C4A5-E47E-405F-B675-A70A70983EA6}" = HP Sure Connect
"{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}" = HP Recovery Manager
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506
"{6BADCD73-E925-46F7-A295-FF2448632728}" = CyberLink PowerDirector 14
"{6FA09B91-5D97-45A9-95E9-50F635C98043}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{924D3ABC-FC75-4042-9DDB-FB846A45848D}" = HP PC Hardware Diagnostics UEFI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}" = HP JumpStart Bridge
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}" = OEM Application Profile
"{B90CB0DE-2E60-41C4-9857-466EB98192BF}" = HP JumpStart Launch
"{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}" = HP ePrint SW
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C0480AE4-EA43-9291-0C30-ECC0E9E0534B}" = AMD Settings
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 1.75.0.1300

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2017/04/16 23:23:42 | Computer Name = LAPTOP-5RUSGJES | Source = Perflib | ID = 1008
Description =

Error - 2017/04/16 23:31:13 | Computer Name = LAPTOP-5RUSGJES | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = アプリーションまたはサービス 'HPWMISVC' を再起動できませんでした。

Error - 2017/04/16 23:32:03 | Computer Name = LAPTOP-5RUSGJES | Source = Perflib | ID = 1008
Description =

Error - 2017/04/16 23:32:03 | Computer Name = LAPTOP-5RUSGJES | Source = Perflib | ID = 1008
Description =

Error - 2017/04/16 23:32:03 | Computer Name = LAPTOP-5RUSGJES | Source = Perflib | ID = 1008
Description =

Error - 2017/04/16 23:32:03 | Computer Name = LAPTOP-5RUSGJES | Source = PerfNet | ID = 2004
Description =

Error - 2017/04/16 23:32:03 | Computer Name = LAPTOP-5RUSGJES | Source = Perflib | ID = 1008
Description =

Error - 2017/04/17 9:50:24 | Computer Name = LAPTOP-5RUSGJES | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: backgroundTaskHost.exe、バージョン: 10.0.14393.0、タイム
スタンプ: 0x57899bb2 障害が発生しているモジュール名: twinapi.appcore.dll、バージョン: 10.0.14393.1066、タイム
スタンプ: 0x58d9f030 例外コード: 0xc000027b 障害オフセット: 0x000000000006d1b4 障害が発生しているプロセス ID: 0xf0c
障害が発生しているアプリケーションの開始時刻:
0x01d2b780fab421f0 障害が発生しているアプリケーション パス: C:\windows\system32\backgroundTaskHost.exe
障害が発生しているモジュール
パス: C:\Windows\System32\twinapi.appcore.dll レポート ID: dda30c8d-7cc2-4452-8df7-ce685a912278
障害が発生しているパッケージの完全な名前:
Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe 障害が発生しているパッケージに関連するアプリケーション
ID: App

Error - 2017/04/17 22:34:50 | Computer Name = LAPTOP-5RUSGJES | Source = Microsoft-Windows-EFS | ID = 4401
Description = 7.488: EFS サービスは EDP ユーザーのプロビジョニングに失敗しました。エラー コード: 0x80070005。

Error - 2017/04/18 1:20:32 | Computer Name = LAPTOP-5RUSGJES | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = 暗号化サービスで、システム ライター オブジェクトで OnIdentity() の呼び出しを処理中にエラーが発生しました。 Details:
AddLegacyDriverFiles:
Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System
Error: アクセスが拒否されました。 。

[ Hewlett-Packard Events ]
Error - 2017/01/31 22:21:24 | Computer Name = LAPTOP-5RUSGJES | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: オブジェクト参照がオブジェクト インスタンスに設定されていません。 StackTrace: 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportAssistant.Engine Name: HPSF.exe Version: 08.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: ja-JP
RAM:
3551 Ram Utilization: 40 TargetSite: Boolean ()

Error - 2017/01/31 22:31:58 | Computer Name = LAPTOP-5RUSGJES | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: オブジェクト参照がオブジェクト インスタンスに設定されていません。 StackTrace: 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportAssistant.Engine Name: HPSF.exe Version: 08.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: ja-JP
RAM:
3551 Ram Utilization: 50 TargetSite: Boolean ()

Error - 2017/02/03 1:33:34 | Computer Name = LAPTOP-5RUSGJES | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: オブジェクト参照がオブジェクト インスタンスに設定されていません。 StackTrace: 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportAssistant.Engine Name: HPSF.exe Version: 08.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: ja-JP
RAM:
3551 Ram Utilization: 60 TargetSite: Boolean ()

Error - 2017/02/03 1:57:03 | Computer Name = LAPTOP-5RUSGJES | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: オブジェクト参照がオブジェクト インスタンスに設定されていません。 StackTrace: 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportAssistant.Engine Name: HPSF.exe Version: 08.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: ja-JP
RAM:
3551 Ram Utilization: 60 TargetSite: Boolean ()

Error - 2017/02/07 0:48:42 | Computer Name = LAPTOP-5RUSGJES | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: オブジェクト参照がオブジェクト インスタンスに設定されていません。 StackTrace: 場所 HP.SupportAssistant.Engine.HPSAContext.
()

場所 HP.SupportAssistant.Engine.HPSAContext.LoadHPSFConfig(Boolean forceReload)

場所 HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportAssistant.Engine Name: HPSF.exe Version: 08.00.00.00
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: ja-JP
RAM:
3551 Ram Utilization: 60 TargetSite: Boolean ()

[ System Events ]
Error - 2017/04/13 11:59:42 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 19:44:11 | Computer Name = LAPTOP-5RUSGJES | Source = EventLog | ID = 6008
Description = 以前のシステム シャットダウン ( ?2017/?04/?14 1:00:13) は予期されていませんでした。

Error - 2017/04/13 19:44:23 | Computer Name = LAPTOP-5RUSGJES | Source = BugCheck | ID = 1001
Description =

Error - 2017/04/13 19:49:56 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 19:49:57 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 19:49:57 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 20:03:35 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 21:01:12 | Computer Name = LAPTOP-5RUSGJES | Source = Service Control Manager | ID = 7034
Description = AdaptiveSleepService サービスは予期せぬ原因により終了しました。このサービスの強制終了は 1 回目です。

Error - 2017/04/13 22:01:05 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =

Error - 2017/04/14 1:50:36 | Computer Name = LAPTOP-5RUSGJES | Source = DCOM | ID = 10016
Description =


< End of report >

よろしくお願いします。

こんばんは。
続きのExtraログも見せてもらいました。

では早速次の作業です。
今度はOTLで見えたものをOTLで掃除にかかります。

このレスの最後にスクリプトを貼っておくので、それを丸ごとコピーして、それをWindowsのメモ帳ファイルに貼り付けて保存しておいてください。

用意できたらPCをまたセーフモードで再起動してOTL起動してください。
起動したらOTLのウインドウ下部にスクリプトを貼り付けて、今度は「Run fix」（赤字のボタン）を押してください。
これでOTLでの処置が開始されます。

しばらく待って処置ができたらPCを通常モードで再起動すると、またOTLのログが出るはずなので、それを保存してから、しばらく様子見の後、OTLのログとともに状態報告をレスください。
OTLのスクリプトは以下になります。破線(-----)を含まない箇所を丸ごとコピーして、それをOTLに貼って作業してください
------------------------------------------
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F2 36 5F 3B E7 7D D2 01 [binary data]
IE - HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 25 00 00 00 A8 B2 63 FB A3 52 1C D1 58 39 B2 52 ED 52 50 3A 85 49 0C 89 D1 BB BE E4 E8 B6 BA FC 5E 8A CF FB 4D CA 2F 16 36 02 00 00 00 0E 00 00 00 59 39 64 44 36 48 66 32 4F 53 30 25 33 64 [binary data]
[2017/04/13 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\panda\AppData\Local\Orbitum

:Files
C:\Users\panda\AppData\Local\Orbitum

:reg
"{181360EA-584E-4F27-B872-13614D6F9BF1}" = lport=5353 | protocol=17 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitum.exe |
"TCP Query User{08ED741A-D7B2-486D-A743-2479D7D44EEF}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=6 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe |
"UDP Query User{C521248A-1E55-4F1D-B42C-D03CC6F199E6}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=17 | dir=in | app=c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe |

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------

こんにちは。
作業後、様子見長くてすいません。異常なことはおきていません。
ログになります。よろしくお願いします。

ll processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3673358526-2580756353-2659711011-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
Folder move failed. C:\Users\panda\AppData\Local\Orbitum scheduled to be moved on reboot.
========== FILES ==========
Folder move failed. C:\Users\panda\AppData\Local\Orbitum\User Data scheduled to be moved on reboot.
C:\Users\panda\AppData\Local\Orbitum folder moved successfully.
========== REGISTRY ==========
\\"{181360EA-584E-4F27-B872-13614D6F9BF1}" = lport=5353 | protocol=17 | dir=in | app|c:\users\panda\appdata\local\orbitum\application\orbitum.exe | /E :invalid edit format. No such root key.
\\"TCP Query User{08ED741A-D7B2-486D-A743-2479D7D44EEF}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=6 | dir=in | app|c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe | /E :invalid edit format. No such root key.
\\"UDP Query User{C521248A-1E55-4F1D-B42C-D03CC6F199E6}C:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe" = protocol=17 | dir=in | app|c:\users\panda\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe | /E :invalid edit format. No such root key.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: defaultuser0
->Temp folder emptied: 74632 bytes
->Temporary Internet Files folder emptied: 588289 bytes

User: panda
->Temp folder emptied: 179000797 bytes
->Temporary Internet Files folder emptied: 12542330 bytes
->Flash cache emptied: 1540 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 232006002 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 405.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 04242017_140357

Files\Folders moved on Reboot...
File\Folder C:\Users\panda\AppData\Local\Orbitum not found!
File\Folder C:\Users\panda\AppData\Local\Orbitum\User Data not found!
C:\Users\panda\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

こんばんは
悪代官さんではありませんが、まだご覧になっていたら…
おそらく、相談者が多く見落としてしまったと思われますので
今しばらくお待ちください。

OTLの処置について、処置できているものはできています。
今は異常はないでしょうか？

あまり、ログの細部まで見るのは得意でないので
うかつな回答は避けますが、状況報告をかねて
一度HJTのログとCCのインストール情報、各タブを提示して
お待ちするのがよろしいかと思われます。

悪代官さんから指示がありましたら、その指示を優先してください。

ゆきぶねさん、フォローありがとうございます。

ぱんださん、大変レスが遅くなってすみません。
ゆきぶねさんが指摘された通り、スレを見落としたまま埋もれてしまってました。
申し訳ありません。

OTLのログも見せてもらいましたが、対象のエントリはsuccessfully（処置成功）になっているのでおおむね掃除できたはずです。

OTL処置後に何か異常出ていればそのことを教えてください。
特に異常なければ、ゆきぶねさんも案内されたようにHJTログと、CCでインストール情報ログと各タブのログを取り直してそれらをレスで見せてください。
なにか取りこぼしか、処置後に別口の感染受けてないかも含めて全体を洗い直しましょう