vmxclient svcmx client virus



#1 scottl523


Posted 25 May 2017 - 03:02 PM

I've tried all the guides on getting rid of this virus to no avail. How am I going to get the logs if I can't get the program to install? I just get "The requested resource is in use." I've tried it in safe mode also and I get the same error message. Can you please help me? I'm also losing most of my network speed when I use the internet from my desktop where the virus is.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by Administrator (administrator) on SCOTTSDESKTOP (25-05-2017 17:59:13)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
() C:\Windows\System32\tprdpw64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBclk.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
() C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Windows\DAODx.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SAVITECH) C:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NaturalPoint) C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Cisco) C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
(ct Corp.) C:\Users\Administrator\AppData\Local\oegdoby\ct.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_29.29.24001.0_x64__8wekyb3d8bbwe\XboxApp.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [852048 2015-09-23] (Qualcomm Atheros)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-11] (Realtek Semiconductor)
HKLM\...\Run: [SVLoadSense] => c:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe [1762000 2015-09-21] (SAVITECH)
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [557072 2016-08-12] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [211000 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatchTray15.exe [295112 2015-09-11] (Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1194808 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [2569528 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [86840 2015-06-03] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.12.577\ASUSWSLoader.exe [63968 2016-10-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Users\Administrator\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132176 2015-09-23] (Qualcomm Atheros)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Amazon Music] => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [3494376 2016-12-14] ()
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [VideoGuardMonitor] => C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4809048 2015-07-08] (Disc Soft Ltd)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: F - "F:\Setup.exe" 
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: G - "G:\Setup.exe" 
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: I - "I:\setup.exe" 
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: J - "J:\Setup.exe" 
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: {37c02375-ac34-11e6-82f7-806e6f6e6963} - "D:\.\Setup.exe" 
HKU\S-1-5-18\...\Run: [Trezaa] => "C:\Program Files (x86)\Trezaa\\Trezaa.Scheduler.exe" /c
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\b9bd2f55-2196-4eee-bd47-bffa91fc74b8.rs" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\b9bd2f55-2196-4eee-bd47-bffa91fc74b8.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5b28f3d.lnk [2016-08-10]
ShortcutTarget: 5b28f3d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63ddaef.lnk [2016-08-10]
ShortcutTarget: 63ddaef.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\On-Screen Keyboard.lnk [2013-12-24]
ShortcutTarget: On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => http=localhost:1577;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{2fdc65f3-fe31-42a7-b223-bb0aecf05104}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{4f807caa-b8fa-4fd9-ac18-63a5fa7b84d1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76f4f927-4a7e-4e9c-8f57-fc04ed97ae43}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ce6a375d-40f6-4e4b-a9b3-b55d8dae7ada}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231882743927597&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131388381938894831&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
URLSearchHook: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> {A74C4F75-7F69-4486-8CCB-071025F7DCC8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-07] (Oracle Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-02-15] ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-02-15] ()
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
Edge: 
======
Edge Session Restore: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> is enabled.
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 [2017-05-25]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375\user.js [2017-05-25]
FF NewTab: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> 
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> 
FF Keyword.URL: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> 
FF Extension: (No Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375\extensions\gvoice@elijahclark.com.xpi [not found]
FF Extension: (Windstream Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-05-09] [not signed]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{94285e43-a27b-4f51-b280-00763ae7cd81}] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\{94285e43-a27b-4f51-b280-00763ae7cd81}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\WINDOWS\SysWoW64\npDeployJava1.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-09-04] (Windstream Communications)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/GoogleTalkPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/O1DPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-25] (Octoshape ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-01-03]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-05-25]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-25]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-25]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-25]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <===== ATTENTION
 
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [495816 2015-06-10] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-06-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-06-05] (ASUSTeK Computer Inc.)
R2 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [47280 2016-07-16] (Microsoft Corporation)
R2 ASUS LED Control Service; C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe [295352 2015-11-02] (TODO: <Company name>)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2394072 2016-10-11] (ASUSTeK Computer Inc.)
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [346424 2015-04-10] (ASUSTeK)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [23240 2015-09-10] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-22] (Creative Technology Ltd) [File not signed]
R2 Dataup; C:\Users\Administrator\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1281368 2015-07-08] (Disc Soft Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2017-02-24] (Foxit Software Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-06-10] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1317104 2016-12-25] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe [810696 2015-09-10] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxMediaDB15.exe [1097928 2015-09-11] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatch15.exe [342216 2015-09-11] (Corel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Administrator\AppData\Local\oegdoby\ct.exe [651776 2017-05-04] (ct Corp.) [File not signed] <==== ATTENTION
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [78488 2015-09-23] (Qualcomm Atheros)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2016-12-13] (Disc Soft Ltd)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [530416 2015-06-17] (Intel Corporation)
R0 FNETHYRAMAS; C:\WINDOWS\System32\drivers\FNETHYRAMAS.SYS [53848 2016-12-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2016-12-10] (FNet Co., Ltd.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2016-07-12] (ASUSTeK Computer Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 MpKsl9f340931; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FC788B3-E464-4631-8821-AE00EBCB0CB5}\MpKsl9f340931.sys [44928 2017-05-25] (Microsoft Corporation)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NFC_Driver; C:\WINDOWS\System32\drivers\NFC_Driver.sys [48336 2015-04-10] (Titan ARC Corp.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2012-07-10] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-05-25] (Greatis Software)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2356184 2015-09-22] (Qualcomm Atheros, Inc.)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [37032 2016-01-11] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [28840 2016-01-11] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [36520 2016-01-11] (Corel Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 SvThLSNS; c:\Program Files (x86)\SAVITECH\SVLoadSense\x64\SvThLSNS.sys [15184 2015-09-21] (Windows ® Win 7 DDK provider)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R5 drmkpro64;  <===== ATTENTION: Locked Service
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 17:59 - 2017-05-25 17:59 - 00048316 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-05-25 17:58 - 2017-05-25 17:59 - 00000000 ____D C:\FRST
2017-05-25 17:58 - 2017-05-25 17:58 - 02429952 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-05-25 15:16 - 2017-05-25 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 10
2017-05-25 14:57 - 2017-05-25 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\llssoft
2017-05-25 14:52 - 2017-05-25 17:52 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-25 14:52 - 2017-05-25 14:52 - 00000000 ___HD C:\OneDriveTemp
2017-05-25 14:51 - 2017-05-25 14:51 - 00003202 _____ C:\WINDOWS\System32\Tasks\SS2svc64Run
2017-05-25 14:51 - 2017-05-25 14:51 - 00003194 _____ C:\WINDOWS\System32\Tasks\SS2svc32Run
2017-05-25 14:51 - 2017-05-25 14:51 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-05-25 14:50 - 2017-05-25 14:50 - 00000780 _____ C:\ProgramData\SharedProperties.xml
2017-05-25 13:00 - 2017-05-25 14:50 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAL.EXE
2017-05-25 12:58 - 2017-05-25 14:46 - 00000000 ____D C:\@RestoreQuarantine
2017-05-25 12:46 - 2017-05-25 14:48 - 00023173 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2017-05-25 12:36 - 2017-05-25 12:36 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-05-25 12:36 - 2017-05-25 12:36 - 00000000 ____D C:\ProgramData\RegRun
2017-05-25 12:35 - 2017-05-25 17:15 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-05-25 12:35 - 2017-05-25 17:14 - 00000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-05-25 12:35 - 2017-05-25 12:35 - 00003432 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-05-25 12:35 - 2017-05-25 12:35 - 00001076 _____ C:\Users\Administrator\Desktop\UnHackMe.lnk
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000000 ____D C:\Users\Administrator\Downloads\unhackme
2017-05-25 12:35 - 2017-05-25 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-05-25 12:35 - 2017-05-25 12:35 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-05-25 12:35 - 2017-05-25 12:16 - 00014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-05-25 12:35 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-05-25 11:46 - 2017-05-25 11:51 - 18778928 _____ C:\Users\Administrator\Downloads\unhackme.zip
2017-05-24 17:49 - 2017-05-24 17:49 - 00542140 _____ C:\WINDOWS\Minidump\052417-8984-01.dmp
2017-05-24 17:33 - 2017-05-24 17:35 - 63364552 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976 (1).exe
2017-05-24 17:24 - 2017-05-24 17:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2017-05-24 15:20 - 2017-05-24 15:31 - 18357776 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\MediaCreationTool.exe
2017-05-24 15:19 - 2017-05-24 15:20 - 06385872 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows10Upgrade9252.exe
2017-05-24 15:00 - 2017-05-24 15:08 - 63364552 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\explorer.exe.exe
2017-05-24 14:59 - 2017-05-24 14:59 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-24 14:39 - 2017-05-24 14:39 - 00089088 _____ C:\Users\Administrator\Downloads\Georgia 2017 - ED LOWE  05-23-2017.pdf
2017-05-23 16:26 - 2017-05-23 16:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\iExplore.exe
2017-05-23 15:44 - 2017-05-23 15:49 - 00000000 ____D C:\Users\Administrator\Downloads\Acumen Application
2017-05-22 19:31 - 2017-05-22 19:34 - 11023528 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro.exe
2017-05-22 19:30 - 2017-05-22 19:30 - 04110280 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2017-05-22 19:29 - 2017-05-22 19:29 - 05766464 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\eXplorer.exe
2017-05-22 19:19 - 2017-05-22 19:19 - 17091360 _____ (IObit) C:\Users\Administrator\Downloads\iobituninstaller-pro.exe
2017-05-22 19:11 - 2017-05-25 12:46 - 00000000 ____D C:\Program Files (x86)\Total Uninstaller
2017-05-22 19:11 - 2017-05-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstaller
2017-05-22 19:09 - 2017-05-22 19:11 - 02284872 _____ (Total Uninstaller, Inc. ) C:\Users\Administrator\Downloads\TotalUninstaller_Setup.exe
2017-05-22 17:37 - 2017-05-22 17:44 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2017-05-22 17:21 - 2017-05-22 17:23 - 07986864 _____ ( ) C:\Users\Administrator\Downloads\AVG_Remover.exe
2017-05-21 10:54 - 2017-05-24 17:49 - 3725887019 _____ C:\WINDOWS\MEMORY.DMP
2017-05-21 10:54 - 2017-05-21 10:54 - 00553852 _____ C:\WINDOWS\Minidump\052117-7859-01.dmp
2017-05-19 17:13 - 2017-05-22 19:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-05-19 17:13 - 2017-05-19 17:13 - 00001076 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2017-05-19 17:13 - 2017-05-19 17:13 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2017-05-19 17:13 - 2017-05-19 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-05-19 17:12 - 2017-05-19 17:13 - 03086696 _____ C:\Users\Administrator\Downloads\instspeedfan452.exe
2017-05-19 16:04 - 2017-05-19 16:04 - 00545852 _____ C:\WINDOWS\Minidump\051917-7812-01.dmp
2017-05-19 12:43 - 2017-05-19 12:43 - 00545644 _____ C:\WINDOWS\Minidump\051917-7718-01.dmp
2017-05-18 14:35 - 2017-05-18 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-18 14:35 - 2017-05-01 16:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 14:33 - 2017-05-01 18:38 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35388864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35281528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 28623480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11024384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 10547440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09245744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09014792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 08805232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 04092088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03792320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03607464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03247736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01276128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01054144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00991168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00960960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00911992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00821184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00776048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00651200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-18 14:33 - 2017-05-01 18:38 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 14:29 - 2017-05-18 14:29 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-03 16:21 - 01893496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 01477240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-13 16:00 - 2017-05-13 16:00 - 00540244 _____ C:\WINDOWS\Minidump\051317-7921-01.dmp
2017-05-13 15:58 - 2017-05-13 15:58 - 00545852 _____ C:\WINDOWS\Minidump\051317-7984-01.dmp
2017-05-12 19:48 - 2017-05-12 19:48 - 06053013 _____ C:\Users\Administrator\Downloads\2015-Transit-Owners-Manual-version-3_om_EN-US_10_2014.pdf
2017-05-11 11:41 - 2017-05-11 11:41 - 00611540 _____ C:\WINDOWS\Minidump\051117-11968-01.dmp
2017-05-10 16:46 - 2017-05-10 16:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNP
2017-05-10 16:22 - 2017-05-10 16:22 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-10 15:38 - 2017-05-10 15:38 - 14012816 _____ C:\Users\Administrator\Downloads\DIR-885L-R_REVA_MANUAL_1.00_EN_US.PDF
2017-05-10 13:00 - 2017-05-10 13:01 - 00000000 ____D C:\Program Files\UNP
2017-05-10 13:00 - 2017-05-10 13:00 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windstream
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\Program Files\Windstream Support Center
2017-05-09 20:52 - 2017-05-25 10:59 - 00000000 ____D C:\Program Files (x86)\Windstream Support Center
2017-05-09 20:52 - 2017-05-09 20:52 - 00003328 _____ C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK
2017-05-09 20:52 - 2017-05-09 20:52 - 00003314 _____ C:\WINDOWS\System32\Tasks\IHSelfDeleteTASK
2017-05-09 18:14 - 2017-04-28 20:59 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-09 18:14 - 2017-04-28 20:59 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 17:16 - 2017-05-22 17:35 - 00001291 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-09 17:00 - 2017-05-25 14:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\ntuserlitelist
2017-05-09 17:00 - 2017-05-10 14:47 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-09 16:55 - 2017-05-09 16:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\oegdoby
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\c
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\cjksuosz
2017-05-09 16:53 - 2017-05-09 16:53 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-05-09 16:52 - 2017-05-09 16:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-05-09 16:48 - 2017-05-09 16:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AGData
2017-05-09 16:47 - 2017-05-09 16:56 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-05-09 10:59 - 2017-05-09 10:59 - 01548288 _____ C:\WINDOWS\baee17b245f0cc69f0cde0a5451eca68.exe
2017-05-09 10:59 - 2017-05-09 10:59 - 00051619 _____ C:\WINDOWS\uninstaller.dat
2017-05-04 18:41 - 2017-05-04 18:41 - 01892937 _____ C:\Users\Administrator\Documents\Ferris Operators Manual.pdf
2017-05-04 18:39 - 2017-05-04 18:40 - 02002024 _____ C:\Users\Administrator\Downloads\heCyEN8goF4rE7CWn59bp796Dq.PDF
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
2017-05-01 14:56 - 2017-05-01 14:56 - 02474920 _____ C:\Users\Administrator\Downloads\hppiw.exe
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-04-29 14:29 - 2017-04-29 14:33 - 00002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-04-29 14:29 - 2017-04-29 14:29 - 00001255 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.7.2.lnk
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-04-29 14:29 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-04-28 14:58 - 2017-05-25 10:54 - 00000000 ____D C:\WINDOWS\pss
2017-04-25 15:36 - 2015-06-17 21:54 - 00003130 _____ C:\WINDOWS\system32\e1d65x64.din
2017-04-25 15:36 - 2015-06-17 21:38 - 00530416 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1d65x64.sys
2017-04-25 15:36 - 2015-06-16 13:28 - 00090608 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2017-04-25 15:36 - 2015-05-07 03:31 - 00404752 ____R (Intel Corporation) C:\WINDOWS\system32\PROUnstl.exe
2017-04-25 15:36 - 2015-05-07 03:17 - 00001904 ____N C:\WINDOWS\system32\SetupBD.din
2017-04-25 15:36 - 2015-04-01 16:46 - 00075288 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2017-04-25 15:36 - 2014-04-18 01:17 - 00125728 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo4.dll
2017-04-25 12:34 - 2017-04-25 12:34 - 00001774 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2017-04-25 12:34 - 2017-04-25 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2017-04-25 12:34 - 2017-04-25 12:34 - 00000000 ____D C:\Program Files\DAEMON Tools Pro
2017-04-25 12:33 - 2017-04-25 12:34 - 00000163 _____ C:\WINDOWS\ASUS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 17:29 - 2016-09-27 19:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-25 17:03 - 2016-06-01 04:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-05-25 15:16 - 2016-10-10 16:08 - 00000000 ____D C:\Program Files\LSoft Technologies
2017-05-25 15:07 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-25 15:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-25 15:07 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-25 14:57 - 2016-09-27 19:06 - 04212608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-25 14:52 - 2016-09-28 13:12 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-05-25 14:51 - 2016-06-01 04:57 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-05-25 14:50 - 2016-12-23 17:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-25 14:50 - 2016-09-27 19:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-25 14:50 - 2014-01-22 16:46 - 00000000 ____D C:\ProgramData\TEMP
2017-05-25 14:49 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-25 13:16 - 2014-11-17 20:20 - 00000683 _____ C:\ProgramData\EventStore.xml
2017-05-25 13:16 - 2014-11-17 20:20 - 00000545 _____ C:\ProgramData\CampaignStore.xml
2017-05-25 13:16 - 2014-11-17 20:20 - 00000424 _____ C:\ProgramData\SoftwareVersionStore.xml
2017-05-25 13:16 - 2014-11-17 20:20 - 00000150 _____ C:\ProgramData\SubscriberStatusStore.json
2017-05-25 13:16 - 2014-11-17 16:31 - 00000619 _____ C:\ProgramData\SubscriptionStore.xml
2017-05-25 13:16 - 2014-11-17 16:31 - 00000583 _____ C:\ProgramData\UpgradeStore.xml
2017-05-25 13:16 - 2014-11-17 16:31 - 00000412 _____ C:\ProgramData\ConfigurationStore.xml
2017-05-25 13:16 - 2014-11-17 16:31 - 00000408 _____ C:\ProgramData\FulfillmentStateMachineStores.xml
2017-05-25 13:16 - 2014-11-17 16:31 - 00000066 _____ C:\ProgramData\AaaAuthorizationStore.json
2017-05-25 12:49 - 2016-09-27 19:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-05-25 12:48 - 2016-12-10 17:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-05-25 12:46 - 2016-09-27 19:06 - 00000000 ____D C:\Users\Administrator
2017-05-25 12:45 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2017-05-25 12:44 - 2011-03-27 17:20 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-05-25 10:53 - 2016-12-17 15:10 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-05-24 17:49 - 2016-12-12 20:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-24 16:18 - 2014-07-03 17:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-05-24 14:59 - 2016-09-27 23:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-24 13:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-23 16:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-23 15:25 - 2009-07-13 22:34 - 00000782 _____ C:\WINDOWS\win.ini
2017-05-22 17:33 - 2013-12-28 15:34 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 17:33 - 2013-12-28 15:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 17:23 - 2015-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\GeoComply
2017-05-22 16:43 - 2016-12-21 17:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-22 16:43 - 2013-12-23 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 15:05 - 2016-12-23 17:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-05-21 19:38 - 2016-06-26 06:52 - 00000000 ____D C:\Users\Administrator\Documents\The Witcher 3
2017-05-19 16:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-18 14:41 - 2013-12-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-05-18 14:41 - 2013-12-23 17:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-05-18 14:41 - 2011-03-27 16:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-18 14:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-18 14:35 - 2016-06-01 04:45 - 00000000 ____D C:\Temp
2017-05-18 14:29 - 2016-12-24 17:00 - 00001527 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-15 15:28 - 2014-01-02 17:24 - 00013154 _____ C:\Users\Administrator\Documents\Copy of Check list-1.xlsx
2017-05-13 17:13 - 2015-12-21 18:38 - 00016765 _____ C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2017-05-11 16:56 - 2016-08-01 19:12 - 00000000 ____D C:\Program Files (x86)\SetupODM
2017-05-11 16:56 - 2016-08-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-10 16:22 - 2017-04-21 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-10 15:10 - 2016-09-28 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-05-09 20:52 - 2014-07-01 17:04 - 00000000 ____D C:\Program Files (x86)\Windstream
2017-05-09 17:02 - 2015-07-16 16:11 - 00000000 ____D C:\Users\Administrator\Documents\RC Car Stuff
2017-05-09 16:57 - 2016-12-17 15:28 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-09 16:57 - 2016-12-17 15:28 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-08 18:01 - 2013-12-28 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\tixati
2017-05-06 23:03 - 2016-06-08 03:29 - 00000000 ____D C:\ProgramData\ProductData
2017-05-06 22:45 - 2016-06-14 10:45 - 01134592 _____ C:\ProgramData\TrezaaSetupx30044.msi
2017-05-04 17:28 - 2015-05-27 15:43 - 02723221 _____ C:\Users\Administrator\Documents\Ferris Parts Manual.pdf
2017-05-03 16:21 - 2016-12-24 17:00 - 01755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 01317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 00121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-05-03 15:28 - 2016-12-24 17:00 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-01 16:52 - 2016-12-23 17:27 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 16:51 - 2016-12-23 17:27 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-01 16:13 - 2016-12-08 18:03 - 00000000 __SHD C:\Users\Administrator\80BhjWWuhFVb7qpi
2017-05-01 16:13 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-01 14:59 - 2013-12-31 17:11 - 00000000 ____D C:\Users\Administrator\Documents\My Scans
2017-04-29 19:44 - 2016-12-17 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 19:44 - 2016-09-27 19:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003692 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core
2017-04-29 15:50 - 2016-06-01 04:44 - 00000995 _____ C:\WINDOWS\Ascd_ProcessLog.ini
2017-04-29 15:48 - 2013-12-23 01:55 - 00055481 _____ C:\WINDOWS\Ascd_tmp.ini
2017-04-29 15:29 - 2016-01-12 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-29 14:29 - 2016-09-27 19:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 14:29 - 2016-06-01 04:45 - 00000000 ____D C:\Program Files\Intel
2017-04-29 14:29 - 2013-12-27 14:05 - 00000000 ____D C:\ProgramData\Intel
2017-04-25 17:11 - 2016-12-23 17:27 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2014-05-29 13:32 - 2014-05-29 14:25 - 0000097 _____ () C:\Users\Administrator\AppData\Roaming\LauncherSettings_live.cfg
2014-01-22 16:41 - 2014-01-22 16:56 - 0068749 _____ () C:\Users\Administrator\AppData\Roaming\LiveSupport.exe_log.txt
2015-12-21 18:38 - 2017-05-13 17:13 - 0016765 _____ () C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2014-01-22 16:41 - 2014-01-22 16:56 - 0000092 _____ () C:\Users\Administrator\AppData\Roaming\regsvr32.exe_log.txt
2014-02-20 18:18 - 2015-07-04 13:18 - 0000215 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2017-03-18 20:26 - 2017-03-18 20:26 - 0006419 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2016-12-21 19:47 - 2016-12-21 20:24 - 82116608 _____ () C:\Users\Administrator\AppData\Local\rx_image32.Cache
2014-11-17 16:31 - 2017-05-25 13:16 - 0000066 _____ () C:\ProgramData\AaaAuthorizationStore.json
2014-11-17 20:20 - 2017-05-25 13:16 - 0000545 _____ () C:\ProgramData\CampaignStore.xml
2014-11-17 16:31 - 2017-05-25 13:16 - 0000412 _____ () C:\ProgramData\ConfigurationStore.xml
2014-11-17 20:20 - 2017-05-25 13:16 - 0000683 _____ () C:\ProgramData\EventStore.xml
2014-11-17 16:31 - 2017-05-25 13:16 - 0000408 _____ () C:\ProgramData\FulfillmentStateMachineStores.xml
2017-01-04 17:24 - 2017-03-18 20:41 - 0012890 _____ () C:\ProgramData\hpzinstall.log
2017-01-04 17:28 - 2017-01-09 16:06 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 14:55 - 2017-01-04 17:27 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2015-09-22 06:40 - 2015-09-22 06:40 - 0002457 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2017-05-25 14:50 - 2017-05-25 14:50 - 0000780 _____ () C:\ProgramData\SharedProperties.xml
2014-11-17 20:20 - 2017-05-25 13:16 - 0000424 _____ () C:\ProgramData\SoftwareVersionStore.xml
2014-11-17 20:20 - 2017-05-25 13:16 - 0000150 _____ () C:\ProgramData\SubscriberStatusStore.json
2014-11-17 16:31 - 2017-05-25 13:16 - 0000619 _____ () C:\ProgramData\SubscriptionStore.xml
2016-06-14 10:45 - 2017-05-06 22:45 - 1134592 _____ () C:\ProgramData\TrezaaSetupx30044.msi
2014-11-17 16:31 - 2017-05-25 13:16 - 0000583 _____ () C:\ProgramData\UpgradeStore.xml
 
Some files in TEMP:
====================
2017-03-20 16:01 - 2017-03-20 16:01 - 0011264 _____ ( ) C:\Users\Administrator\AppData\Local\Temp\3wjlapnv.dll
2017-05-09 20:51 - 2013-10-22 12:57 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC210.tmp.exe
2017-05-09 20:51 - 2013-10-22 16:15 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC57B.tmp.exe
2017-01-24 17:18 - 2017-01-20 10:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
2017-04-10 16:32 - 2017-03-31 21:36 - 0868152 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-14 19:15 - 2017-03-31 21:36 - 0369208 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-05-22 19:00 - 2017-05-22 19:00 - 0192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 13:56 - 2015-02-10 13:56 - 0105984 _____ () C:\Users\Administrator\AppData\Local\Temp\sfextra.dll
2017-03-18 19:33 - 2017-01-18 09:16 - 0133808 _____ (mIRC Co. Ltd.) C:\Users\Administrator\AppData\Local\Temp\uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-18 12:34
 
==================== End of FRST.txt ============================

Edited by scottl523, 25 May 2017 - 05:21 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 scottl523

scottl523
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:16 AM

Posted 25 May 2017 - 05:26 PM

Sorry couldn't find where to attach under edit.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Administrator (25-05-2017 18:20:37)
Running from C:\Users\Administrator\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-28 17:10:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1629833701-3699544217-3734216812-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1629833701-3699544217-3734216812-503 - Limited - Disabled)
Guest (S-1-5-21-1629833701-3699544217-3734216812-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (Version: 7.1 - Intel) Hidden
. . . (x32 Version: 2.7.2.4 - Intel) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.15 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0915-000001000000}) (Version: 9.15.00.0 - Igor Pavlov)
Active@ KillDisk 10 (HKLM\...\{6A633DB7-06E4-4EF1-8FD1-7F8812C590AD}_is1) (Version: 10 - LSoft Technologies Inc)
Active@ KillDisk Professional 10 (HKLM\...\{C932B116-1A14-400B-B0E3-81A86905FF25}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.28 - ASUSTeK Computer Inc.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Amazon Music (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Amazon Amazon Music) (Version: 5.3.2.1634 - Amazon Services LLC)
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 10.1.14393.33 - Microsoft) Hidden
Ares (HKLM-x32\...\Ares) (Version: 2.4.2-Build#3066 - AresGalaxy)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS HomeCloud Launcher (HKLM-x32\...\4ff11ffb-5880-4338-90e0-1502e835b184) (Version: 1.01.04 - ASUSTeK Computer Inc.)
ASUS Lighting Control (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.01.02 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.30 - ASUSTeK Computer Inc.)
Asus Sonic Suite Plugins (HKLM-x32\...\{c5017606-8bde-4f85-94f4-ba61dcf59860}) (Version: 2.2.2801 - ASUSTeKcomputer.Inc)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BbeXtreme (x32 Version: 12.5.0 - Bluebeam Software) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software)
Bluebeam Revu x64 12 (Version: 12.5.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C510 (x32 Version: 140.0.344.000 - Hewlett-Packard) Hidden
CheckDevicesConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Contents (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
CPUID ROG CPU-Z 1.73 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.73 - CPUID, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0486 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
Dragger32 (HKLM-x32\...\Dragger32) (Version:  - )
Dropbox (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EasyBCD 2.0 (HKLM-x32\...\EasyBCD) (Version: 2.0 - NeoSmart Technologies)
Fallout 4 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0080}) (Version: 6.0 - Black Box)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.4.2.0 - GIANTS Software)
FileZilla Client 3.3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.5.1 - )
FMW 1 (Version: 1.192.3 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{4A0F12EE-FA84-11E6-8204-000C29FC3B44}) (Version: 8.2.1.6871 - Foxit Software Inc.)
GeoComply Autoupdate (x32 Version: 1.0.0.0 - GeoComply) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.6.14.19 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HyStream (HKLM-x32\...\{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
ICA (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Infinite HD™ App (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
IPM_VS_Pro (x32 Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LauncherSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.10.3 - Marvell)
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 3.00.15 - ASUSTeK Computer Inc.)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.22 - ASUSTeK Computer Inc.)
Microangelo On Display (x64) (HKLM\...\{344A17D9-DE25-4E77-B089-E7F0A0AF2AE7}) (Version: 6.10.70 - Impact Software)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 53.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x64 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSI Development Tools (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NahimicSettingsConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NetRadio (HKLM-x32\...\OnlineRadio) (Version: 3.0.0 - NetRadio)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 10 (HKLM\...\{C78478E6-8206-470E-B843-0204995371C6}) (Version: 10.5.1.17 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.101.26.0 - Overwolf Ltd.)
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Player Location Check (HKLM-x32\...\{1E9707E3-86E8-4D1F-A7FB-7D0EEBA1863D}) (Version: 3.0.2.10 - GeoComply)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.0.2.10,3.0.4.3 - GeoComply)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
ProductDaemonSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Python 2.7 pywin32-219 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
QuadStick (HKLM-x32\...\QuadStick) (Version: 2.01 - QuadStick)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.0097 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 4.0.0.601 - Qualcomm Atheros Communications)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.32 - ASUSTeK Computer Inc.)
ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ROGRAMCACHE (HKLM-x32\...\ROGRAMCACHE) (Version: 3.01.06 - ASUSTeKcomputer Inc)
Roxio Creator NXT 4 (HKLM-x32\...\{7E0B6CC0-B46F-4145-B0BF-026659C6B095}) (Version: 17.0.70.2 - Roxio)
Roxio MyDVD (HKLM-x32\...\{A27A9721-C0D9-483C-87D3-78988A72EDB1}) (Version: 1.0 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SDK Debuggers (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Share (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SmartNAV (HKLM-x32\...\{00126F77-7EFC-472D-AD35-C6BD971582AA}) (Version:  - )
SmartNav (HKLM-x32\...\{519e374d-b0ee-4c2c-a630-4e940c11e55b}) (Version: 3.20.037 - NaturalPoint)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Sniper Elite 3 (HKLM-x32\...\Sniper Elite 3_is1) (Version:  - )
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SonicRadarSetup (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Sound Blaster X-Fi MB (HKLM-x32\...\{818690C7-8DA5-4623-BBA8-A73CFBD44077}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spintires (HKLM-x32\...\Spintires_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SVLoadSense (HKLM-x32\...\{C4226734-F925-448C-8F15-0D5419F003DF}) (Version: 1.0.12 - SAVITECH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\{EAABE756-8A47-440F-AAC7-2F6BFF589169}) (Version: 6.0 - Black Box)
The Witcher 3 Wild Hunt version 1.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.0.0 - Bandai Namco)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Total Uninstaller version 3.1.9.60 (HKLM-x32\...\{A32F00F2-F342-4B23-A74B-D83B881D980B}_is1) (Version: 3.1.9.60 - Total Uninstaller, Inc.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.18 - )
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UnHackMe 8.90 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSClassic (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.12.577 - ASUS Cloud Corporation)
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM-x32\...\Windstream_BCUC) (Version:  - )
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Wondershare Video Converter Ultimate 8.8.0.3 (HKLM-x32\...\Wondershare Video Converter Ultimate 8.8.0.3) (Version: 8.8.0.3 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)
WPT Redistributables (x32 Version: 10.1.14393.33 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.14393.33 - Microsoft) Hidden
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
XTUPackageWin7 (HKLM-x32\...\{9B03AE9C-B3E5-46CB-837E-454BDB5D4F3E}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 4\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0B18FAE7-35CE-4D82-92AD-12EF54116E93} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()
Task: {0E582723-83A6-456C-B9D5-0E871CE9F840} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {12516ECF-053A-495B-BDA9-41E524D7FACF} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2016-11-02] ()
Task: {17CF18CE-A0A5-40B6-8107-E840D1BD4267} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\ADMINI~1\AppData\Local\Temp\IHUAD8A.tmp.exe <==== ATTENTION
Task: {1AA4C504-FA6A-4D5E-B5FD-52FF19CE95DD} - System32\Tasks\Google Update => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1AF97690-19E5-4C7E-A4DD-E3B7D60263B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {1D72E4BE-EFB5-45F0-B3AA-F9AF25C13C40} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {2356FE9B-F6F7-41FA-A46A-01C81111F404} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2BD9ABF9-2E9D-4599-B9BE-E301F45E63E4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2016-11-08] (ASUSTeK Computer Inc.)
Task: {2C7A54A8-42CF-4540-8B89-85C2C21D99C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F620946-0EAE-47C5-8571-3909D30F5042} - \ASUS\GpuFanHelper -> No File <==== ATTENTION
Task: {30250277-94E2-49CD-97F2-F48D6E6B0E6C} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2015-06-25] ()
Task: {3776ABEB-9B54-41F9-9584-0990C5474ECA} - System32\Tasks\ASUS\RamDisk => C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe [2014-02-17] ()
Task: {3988D664-87C7-4CAD-B3E6-9D3F125FC6B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {3D1D530B-6BE6-4A78-A348-979253AC690C} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {451B2062-11A5-4196-8660-4B63277E13A1} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {45996489-5FF6-4D87-8DAD-4809C2E71D09} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4AE49800-4BA1-46B5-B80E-0B7F5792BB71} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D13C40D-DC55-418D-B9B6-72B4AE14AAB1} - System32\Tasks\GC Remove old autoupdate => cmd.exe /c rd /S /Q "C:\Program Files (x86)\GeoComply\Update"
Task: {4F80FA1A-B93E-489C-A5D9-6664950D5163} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {50A33E96-4799-475C-88E1-6A17FCABAE3F} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {5612F2F1-CDB5-44FC-9488-696B18FC0B8A} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {57B58F2B-C6CE-4B23-9763-350094F549B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {585378D9-D019-4446-8696-C5EC8E02043B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {5B16CE5E-D45E-48E6-AAED-A4A7CA3BE15B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5F426F9F-149F-40DA-A0BA-ED87148439EF} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\ADMINI~1\AppData\Local\Temp\IHUAC70.tmp.exe <==== ATTENTION
Task: {5FBC0159-2CA8-4816-9D84-DAB5793097F3} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {60A2F600-603B-461A-A151-AFCADE6AAA69} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {67F08CAF-1320-490E-A390-728429522544} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {705EBF73-122F-43D7-A16C-7127906D3C58} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2016-08-12] ()
Task: {77D48ABE-634D-4A24-B86D-1C5DDBE380E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {796C63D9-9943-44EB-A736-60470293CCD8} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {79994E8B-BABD-4493-895F-5DECFC0FE030} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2016-08-12] ()
Task: {81DED616-72AE-4896-BDC3-A5EFBC1F5E22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {8471D845-8565-4169-81D5-41E3CD53B23B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {8A10F916-9AD9-46E0-986B-4BD53DA10B9E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {8C4E4DC2-6C30-42D1-908B-58A491851E07} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {8CFCE851-24D7-491A-B349-B696263B628C} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {90431E1A-F669-4925-B0AB-4158ABEF775A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {90CCAC22-C8F0-4E2E-9C15-0C949BB8405C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {966E22DD-C6B2-4BDF-A4F5-4B9E4774D3FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {9C58625D-9CFE-485E-AA49-C82E54229614} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {9DAB181A-19A0-4046-87FC-31E043196C5C} - System32\Tasks\ASUS\HyStream service => C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe [2015-06-12] (ASUSTeK Computer Inc.)
Task: {A1737B59-4FED-4E5A-AE75-3FF54A245E45} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2016-08-12] ()
Task: {A19514E9-5403-4FF3-8864-FD171553234E} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {A711E1BF-224D-4E46-879A-222B0E54EFE0} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {A9D072BE-92F5-4C50-974F-DBA831F88A71} - System32\Tasks\Amazon Music Helper => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [2016-12-14] ()
Task: {AC4D4FE3-DC02-4806-ADBD-32E3F3600347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {AD8247BE-1C65-4373-A009-0552C27AE504} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2015-05-12] ()
Task: {AE00BB64-DE6D-4127-8857-FD35897A44B2} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {B0544000-535D-4842-865D-7046AE2F3026} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B15E28D1-9A55-4C50-A320-0226DA784EF8} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {B2FF1D2B-2068-4EA0-AE22-3F1CC248C858} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-05-25] (Greatis Software)
Task: {B4A400B7-EF99-4331-9CDE-A13B35502E56} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B623A972-9F59-48BD-93EF-A2E587D48582} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {B76EC1BA-4373-42B3-9D61-5B06470FE076} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {BA054CFC-8721-4507-9FD3-54A2CC0F9DA4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-12-25] (Overwolf LTD)
Task: {BA5F0AF4-BA35-4C13-BF60-BD7B5A186F54} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {BB1301BE-514D-40D8-93A3-A80A962AC7AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C2DE7849-4F1F-4571-B3C3-F3F0CE6F2A8D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C3A887E9-4B6E-42B2-9446-B8AE43476FB8} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {CA169E1A-4272-4859-858B-FF2705ED4464} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {CF8B4CC3-6963-4542-B483-E55688087E2F} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {D264D02C-3982-499F-AFD6-C86D234342F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D2851A53-3044-4564-8D1E-C0C57E76461E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D457091E-29B0-417E-8DA0-B05048AFBC25} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {D4C23683-A5A1-4463-BF5F-1AF31BAECD65} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {D5990566-AA92-4A88-9535-97AC26BAD25C} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {D5DCAA1E-2742-4216-B791-887132250771} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7FF46F2-68F4-4599-90A8-CA7B7F88EC33} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {D860070B-9F40-4839-BBED-C0B2679B079C} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {D9C75223-DB40-486B-8268-D41C4184B0F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {DB2F7905-5F1F-43F9-9ED5-A33E7759B63A} - System32\Tasks\NetRadioUpdater => C:\Program Files (x86)\NetRadio\lstrest.exe [2016-08-12] (Microsoft)
Task: {DC367917-8A9E-424E-9195-2A4BC7D4CC35} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {E5E7FDB7-BAD9-4B02-8265-4072F9627933} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E6122E9F-63D7-4247-9977-84CCCC3AF70D} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {F0524044-F42B-405F-9EC1-631038BE74F0} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-03-25] (ASUSTeK Computer Inc.)
Task: {F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {F9CF821A-B864-4EF6-BD19-E2CAFE713809} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} - \WPD\SqmUpload_S-1-5-21-1629833701-3699544217-3734216812-500 -> No File <==== ATTENTION
Task: {FEF96465-9752-437B-BF18-A4D4044D55D8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {FF0907A6-4E10-4645-A083-F3C0B689FCA6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Administrator\AppData\Local\1acb574\eb8c672.lnk -> C:\Users\Administrator\AppData\Local\1acb574\2fdf534.bat ()
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 17:30 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-10 11:20 - 2015-06-10 11:20 - 00495816 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00023240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-12-24 17:00 - 2017-05-03 16:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-05-06 04:23 - 2015-05-06 04:23 - 00418968 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 02543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2015-06-05 07:00 - 2015-06-05 07:00 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-08-12 13:17 - 2016-08-12 13:17 - 00287760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll
2016-08-12 13:17 - 2016-08-12 13:17 - 00209936 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll
2017-04-11 17:30 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-08-14 04:15 - 2015-08-14 04:15 - 00789704 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2016-12-08 18:02 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2016-12-19 19:24 - 2015-08-31 15:25 - 01460176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2017-02-05 13:45 - 2016-11-02 15:04 - 01290200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-12-13 18:48 - 2015-06-25 11:42 - 01986872 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2016-12-19 18:18 - 2016-12-14 17:41 - 03494376 _____ () C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-03-30 10:32 - 2009-03-30 10:32 - 00032768 ____R () C:\Windows\DAODx.exe
2016-12-13 18:47 - 2015-05-12 22:49 - 00304952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2016-09-27 23:02 - 2016-09-27 23:02 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 16:31 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 16:31 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 17:30 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 17:30 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 17:30 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-26 13:54 - 2015-05-14 10:18 - 01075712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-12-26 13:54 - 2014-08-28 11:37 - 00033424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-09-23 06:02 - 2015-09-23 06:02 - 00089680 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2015-09-23 06:01 - 2015-09-23 06:01 - 00384080 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2016-12-10 17:37 - 2016-08-11 21:29 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2016-12-13 18:47 - 2015-07-07 18:07 - 01194808 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
2016-12-13 18:47 - 2015-07-07 18:07 - 02569528 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
2016-12-13 18:47 - 2015-06-03 20:46 - 00086840 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 00557072 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 02741760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe
2016-08-12 13:18 - 2016-08-12 13:18 - 00486400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe
2015-09-10 02:06 - 2015-09-10 02:06 - 00810696 _____ () C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
2017-03-31 13:15 - 2017-03-29 04:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-03-31 13:15 - 2017-03-29 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-25 15:05 - 2017-05-25 15:07 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-05-23 14:40 - 2017-05-23 14:41 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-25 15:05 - 2017-05-25 15:06 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.29.24001.0_x64__8wekyb3d8bbwe\XboxApp.exe
2017-05-25 15:05 - 2017-05-25 15:06 - 33844736 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.29.24001.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-12-06 15:24 - 2016-12-06 15:25 - 01651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_29.29.24001.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2017-05-05 14:43 - 2017-05-05 14:43 - 02167664 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17032.10341.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-08 14:11 - 2017-05-08 14:11 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 03325640 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00525000 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00109256 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-05-25 14:50 - 2017-05-25 14:50 - 00042792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-06-01 04:46 - 2015-06-05 07:00 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-01-27 18:11 - 2017-05-03 16:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00256016 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00178704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2DevProps.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2017-02-05 13:45 - 2016-11-02 15:06 - 04784088 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-12-19 19:24 - 2015-05-21 23:57 - 01141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-12-26 13:54 - 2015-11-05 12:13 - 01464320 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 00061440 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Exeio.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 01752576 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Vender.dll
2017-02-05 13:41 - 2016-08-05 03:25 - 00669656 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMLib.dll
2016-12-26 13:54 - 2012-01-19 10:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2016-06-01 04:54 - 2015-08-20 10:44 - 00064000 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2016-12-19 19:24 - 2015-08-31 15:21 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-12-19 19:24 - 2015-08-14 12:23 - 00621056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2016-12-19 19:24 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00268248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00786416 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00886232 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00828376 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00848344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-12-13 18:48 - 2015-06-05 10:37 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2013-12-23 17:06 - 2010-02-08 03:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2013-12-23 17:06 - 2008-12-10 06:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2016-12-26 13:54 - 2013-11-20 11:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-12-26 13:54 - 2013-07-02 11:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2016-12-24 17:00 - 2017-05-03 16:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-12-30 18:30 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2016-12-13 18:47 - 2015-05-12 22:49 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\pngio.dll
2010-11-21 10:54 - 2010-11-21 10:54 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2016-08-12 13:15 - 2016-08-12 13:15 - 00098816 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2017-04-11 17:30 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 ____N () C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Documents\TURN Q PLUS.pdf:Roxio EMC Stream [38]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-12-07 16:35 - 00001120 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       idb.iobit.com
127.0.0.1       asc55.iobit.com
127.0.0.1       is360.iobit.com
127.0.0.1       asc.iobit.com
127.0.0.1       pf.iobit.com
127.0.0.1       98.129.229.186
127.0.0.1       www.iana.org
127.0.0.1       iana.org# ::1             localhost
127.0.0.1 54.83.135.167
127.0.0.1 54.83.135.167
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Control Panel\Desktop\\Wallpaper -> c:\users\administrator\pictures\dale-earnhardt-jr-elliott-21916-getty-ftrjpg_1bgtyq4z67iuf1xydrt0jhtl19.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Aero_PowerShell => "C:\WINDOWS\PSGlass.exe"
MSCONFIG\startupreg: Full glass => "C:\WINDOWS\Full glass.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_0BB272A9872478589BC035827915AEFF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Advanced SystemCare 9"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{38D3FF0C-B452-4CF1-95A3-00CFC09F879F}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{B8C67B83-EFE9-47CC-AD2E-9115B77F3C6C}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{5CB56A16-AFFD-44F2-87C6-43435B74F613}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [{6AEAE0EF-DDD3-47F2-ACE4-6AB59C0758A9}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [TCP Query User{EA14CCF8-C501-4475-9144-EB87D49C93C3}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{19DC2B5F-B1A3-4691-A6A9-CE61046958D7}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{630A1828-2F97-4C5D-831D-23FA9994FFF3}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{5973780D-64AA-4B23-B2DC-671A75CF3615}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{D499C1A2-0CA1-447D-9302-76591856F8F6}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A2EEEE3A-BD0C-4BED-BA7F-F3411B5549EE}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{6D017E33-C1C0-46A3-ADB0-3DF57048B919}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{5129867F-B87F-4266-909B-07E638804735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{149557DA-4B8B-47E0-AA03-131449DFA35F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{208C5723-2F44-4560-B650-8914E7E64A13}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [UDP Query User{07B7BE6D-F649-4128-8304-7A384ABA7826}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [TCP Query User{6918DFA8-87E8-4027-8405-2F9CF4A7D05E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00559E98-3916-48DC-A8A6-AD75FFA915A3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A79E40DE-6380-4AFB-AA54-23574273E171}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{5F020567-98F3-444F-B367-FD95695F4C8E}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{CD3D67BF-83F8-4F57-820B-FBBF533AE3B5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{2B8FE0B7-2AC3-4966-97EB-4078B1292A7B}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{DDD44D35-E1A6-4F49-90D4-A515FFBB1E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E2D27074-5084-4462-8943-43062837672F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F96F4464-FF4A-421F-88E4-783BC81C0752}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{348FA78A-AC70-4E7A-9E36-0BA44E9504CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB4AD3C1-8B02-4CF2-8FEA-247ACFD50461}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2C9D40C9-AB17-4C38-8AE2-975EB2643729}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{A545C370-DA94-4316-B6FC-2CA54BFB1CE7}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{39C84AFE-71D9-4028-BA7C-00E824A8CB9A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{A884A74E-31EA-4472-A82F-AC8E9F94C4E8}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [TCP Query User{B69489D3-E2A0-4C72-84ED-B47010BAE8DF}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{4548E515-728A-4C49-B006-71095CFD449C}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{2E0248B7-3CCD-4898-B4AB-7F185D2CA03C}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{508EF44A-DCEF-42AE-AB66-DFFF85234D26}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{A42688B2-3745-4A46-A7FE-F78B5213B819}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A381CD22-AC68-4FDE-AD84-3790D0C067E0}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{8BDF1218-1500-4E66-94DB-CB9AF7F756AE}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{ADABB31B-7051-45B5-A5CC-7F08A1B77A2B}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{2D8BA316-BA62-4CD0-AB44-8496AB2E2052}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
 
==================== Restore Points =========================
 
22-05-2017 15:20:33 Windows Update
25-05-2017 12:41:45 UnHackMe Malware Removal
25-05-2017 12:44:44 Removed Itibiti RTC
25-05-2017 12:45:14 Removed Browser Configuration Utility.
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart eStn C510 series
Description: Photosmart eStn C510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Ethernet Connection (2) I219-V
Description: Intel® Ethernet Connection (2) I219-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1iexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/25/2017 05:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1066, time stamp: 0x58d9f07f
Exception code: 0x80000003
Fault offset: 0x001548a2
Faulting process id: 0xfc0
Faulting application start time: 0x01d2d5999cbd2b9c
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 18308557-2c8d-4bff-a44b-a45add555d79
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 04:23:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x3cc8
Faulting application start time: 0x01d2d5942b63f902
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
Report Id: 392d374e-810f-4ab0-82f1-a967702f79b1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 04:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x001f32b0
Faulting process id: 0x318c
Faulting application start time: 0x01d2d5930198e229
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 54b0842d-0ba5-4f42-bac3-fd541968a0be
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 04:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x301c
Faulting application start time: 0x01d2d592c4f8e75b
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
Report Id: 900d0d9e-2515-4e63-99c1-ee40ff920d2d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 03:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x2e34
Faulting application start time: 0x01d2d58f50793178
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 4803dede-66a3-46d3-b4c1-93b979218889
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 03:24:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x2184
Faulting application start time: 0x01d2d58bdcff082c
Faulting application path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Administrator\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
Report Id: f907d680-7065-4ea9-a260-e2a62c5216d5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2017 02:50:21 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: SCOTTSDESKTOP)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.
 
Error: (05/25/2017 01:17:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTTSDESKTOP)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/25/2017 01:16:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTTSDESKTOP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/25/2017 01:16:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTTSDESKTOP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/25/2017 03:07:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: 2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4019472).
 
Error: (05/25/2017 02:52:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The requested resource is in use.
 
Error: (05/25/2017 02:50:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/25/2017 02:50:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/25/2017 02:50:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/25/2017 02:50:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (05/25/2017 02:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdateSvc service failed to start due to the following error: 
The requested resource is in use.
 
Error: (05/25/2017 02:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgsvc service failed to start due to the following error: 
The requested resource is in use.
 
Error: (05/25/2017 02:50:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uxpatch service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/25/2017 02:50:16 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: uxpatch.sys
 
 
CodeIntegrity:
===================================
  Date: 2017-05-25 16:10:08.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-25 12:00:58.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-25 12:00:58.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-25 12:00:58.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-24 13:52:11.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-23 14:44:57.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-22 17:45:36.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-19 16:10:56.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-19 16:10:56.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.
 
  Date: 2017-05-19 16:10:56.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 38%
Total physical RAM: 16322.69 MB
Available physical RAM: 10039.55 MB
Total Virtual: 32706.69 MB
Available Virtual: 25340.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:131.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MB Support CD) (CDROM) (Total:5.92 GB) (Free:0 GB) CDFS
Drive e: (Storage Drive) (Fixed) (Total:931.51 GB) (Free:89.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Intel SSD) (Fixed) (Total:223.57 GB) (Free:23.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98BBCFEF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 57FC04A8)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00163EA5)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
Moved from Am i infected, due to FRST log.
NickAu

Edited by NickAu, 25 May 2017 - 09:33 PM.
Mod edit


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 AM

Posted 26 May 2017 - 06:53 AM

Hi scottl523 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 scottl523


Posted 26 May 2017 - 01:48 PM

I tried copy/paste but it never would post.

Attached Files



#5 Aura


Posted 26 May 2017 - 01:55 PM

All good. For this infection, the MBAR log can be too big for the forum to handle it properly, so attaching it works too.

Now, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#6 scottl523


Posted 26 May 2017 - 03:02 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/26/17
Scan Time: 3:21 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2027
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: SCOTTSDESKTOP\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 482356
Threats Detected: 152
Threats Quarantined: 152
Time Elapsed: 3 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 29
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [100], [170024],1.0.2027
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [100], [170024],1.0.2027
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [100], [170024],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineRadio, Quarantined, [9248], [104228],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DB2F7905-5F1F-43F9-9ED5-A33E7759B63A}, Quarantined, [9248], [182836],1.0.2027
PUP.Optional.InstallCore, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\csastats, Quarantined, [3], [260986],1.0.2027
PUP.Optional.InstantSupport, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\InSTab, Quarantined, [9231], [261449],1.0.2027
PUP.Optional.SwytShop, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\SwytShop, Quarantined, [3133], [386984],1.0.2027
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\APPDATALOW\SOFTWARE\Show-Password, Quarantined, [9497], [250873],1.0.2027
PUP.Optional.WinYahoo, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [90], [262014],1.0.2027
PUP.Optional.MySafeSavings, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MYSAFESAVINGS, Quarantined, [462], [343627],1.0.2027
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, Quarantined, [961], [341522],1.0.2027
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\ACPTAB, Quarantined, [1033], [261599],1.0.2027
PUP.Optional.CrossRider, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E82B843-18EF-495F-A3B8-595599507EBB}, Quarantined, [240], [237488],1.0.2027
PUP.Optional.ProductSetup, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\PRODUCTSETUP, Quarantined, [14827], [242047],1.0.2027
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [556], [360190],1.0.2027
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [556], [317312],1.0.2027
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [556], [339688],1.0.2027
PUP.Optional.NetRadio, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\NETRADIO, Quarantined, [9248], [255408],1.0.2027
PUP.Optional.DriverUpdate, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [961], [341521],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASAPI32, Quarantined, [9248], [255411],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASMANCS, Quarantined, [9248], [255411],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\NETRADIO, Quarantined, [9248], [255413],1.0.2027
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [961], [338931],1.0.2027
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2622], [243667],1.0.2027
PUP.Optional.DPMM, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DP1815, Quarantined, [2825], [237894],1.0.2027
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [12753], [253915],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\NetRadioUpdater, Quarantined, [9248], [255371],1.0.2027

Registry Value: 31
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [100], [-1],0.0.0
PUP.Optional.Iminent, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [3418], [168093],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DB2F7905-5F1F-43F9-9ED5-A33E7759B63A}|PATH, Quarantined, [9248], [182836],1.0.2027
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, Quarantined, [1033], [255023],1.0.2027
PUP.Optional.WinYahoo, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Quarantined, [90], [262014],1.0.2027
PUP.Optional.MySafeSavings, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MYSAFESAVINGS|UAVALUE, Quarantined, [462], [343627],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\DYN\INSTALLED|NETRADIO, Quarantined, [9248], [255409],1.0.2027
PUP.Optional.OpinionSquare, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}, Quarantined, [12286], [241422],1.0.2027
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\ACPTAB|HB, Quarantined, [1033], [261599],1.0.2027
PUP.Optional.CrossRider, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E82B843-18EF-495F-A3B8-595599507EBB}|APPNAME, Quarantined, [240], [237488],1.0.2027
PUP.Optional.ProductSetup, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [14827], [242047],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Quarantined, [9248], [256972],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Quarantined, [9248], [256973],1.0.2027
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, Quarantined, [1033], [315965],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ONLINERADIO|DISPLAYICON, Quarantined, [9248], [255412],1.0.2027
PUP.Optional.NetRadio, HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\NETRADIO|, Quarantined, [9248], [255408],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\NETRADIO|PARTNERID, Quarantined, [9248], [255413],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WinResSync, Quarantined, [1476], [337554],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinResSync, Quarantined, [1476], [337554],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WinResSync, Quarantined, [1476], [337554],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinResSync, Quarantined, [1476], [337554],1.0.2027
PUP.Optional.Trezaa.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TREZAA, Quarantined, [12780], [185385],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINRESSYNC, Quarantined, [1476], [337570],1.0.2027
PUP.Optional.WinResSync.Generic, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WINRESSYNC, Quarantined, [1476], [337571],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Quarantined, [9248], [256972],1.0.2027
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Quarantined, [9248], [256973],1.0.2027

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 13
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SlimWare Utilities Inc\DriverUpdate, Quarantined, [961], [341510],1.0.2027
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [556], [391425],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAMDATA\NETRADIO, Quarantined, [9248], [255365],1.0.2027
PUP.Optional.AnonymizerGadget, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\AGDATA, Quarantined, [1554], [338259],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAM FILES (X86)\NETRADIO, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NETRADIO, Quarantined, [9248], [255368],1.0.2027
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET, Quarantined, [1151], [329210],1.0.2027
PUP.Optional.WinYahoo, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\{134D2511-37E5-49A9-5A7D-6C417E1590D9}, Quarantined, [90], [246924],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\27f7f88f32a0ee20a85811369a47d3e3, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\333d5e079b876154126ff8d77846cdac, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\65461cf6297978d620f7acf6eadef9e6, Quarantined, [15593], [259462],1.0.2027

File: 79
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-07-11  06-15-42 0.log, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-07-11  06-16-08 0.log, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-07-11  06-19-11 0.log, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Quarantined, [961], [341510],1.0.2027
PUP.Optional.DriverUpdate, C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Quarantined, [961], [341510],1.0.2027
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [556], [391425],1.0.2027
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [556], [391425],1.0.2027
PUP.Optional.Trezaa, C:\PROGRAMDATA\TREZAASETUPX30044.MSI, Quarantined, [8503], [100305],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAMDATA\NETRADIO\NETRADIO.ICO, Quarantined, [9248], [255365],1.0.2027
PUP.Optional.NetRadio, C:\ProgramData\NetRadio\${FILE_INI}, Quarantined, [9248], [255365],1.0.2027
PUP.Optional.AnonymizerGadget, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\AGDATA\CONFIG.JSON, Quarantined, [1554], [338259],1.0.2027
PUP.Optional.AnonymizerGadget, C:\Users\Administrator\AppData\Roaming\AGData\add.json, Quarantined, [1554], [338259],1.0.2027
PUP.Optional.Agent.BCM, C:\PROGRAMDATA\WINDOWS 7\WINDOWS 7.EXE, Quarantined, [7056], [73087],1.0.2027
PUP.Optional.NetRadio, C:\USERS\PUBLIC\DESKTOP\NETRADIO.LNK, Quarantined, [9248], [255366],1.0.2027
PUP.Optional.Wajam, C:\PROGRAM FILES\65461CF6297978D620F7ACF6EADEF9E6\80AC2E4B5933ABF4E38A926B2D861D1F.SYS, Quarantined, [100], [313082],1.0.2027
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\SETUPODM\LAZYFILE.EXE, Quarantined, [1033], [399708],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAM FILES (X86)\NETRADIO\UNINSTALL.EXE, Quarantined, [9248], [104228],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAM FILES (X86)\NETRADIO\NETRADIO.EXE, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\App.Utility.exe, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\AppLib.Library.dll, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\lstrest.exe, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\LSTREST_NEW.exe, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\Microsoft.Win32.TaskScheduler.dll, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\NetRadio.Library.dll, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\UPDATER_NEW.exe, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.NetRadio, C:\Program Files (x86)\NetRadio\Upgrade.AppS.exe, Quarantined, [9248], [255367],1.0.2027
PUP.Optional.IoloSC, C:\$RECYCLE.BIN\S-1-5-21-1629833701-3699544217-3734216812-500\$R5MXDFM.EXE, Quarantined, [2220], [349236],1.0.2027
Trojan.Clicker, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\1494363272\S5M_INSTALL_325.EXE, Quarantined, [26], [387412],1.0.2027
Trojan.Clicker, C:\WINDOWS\SYSTEM32\TPRDPW64.EXE, Quarantined, [26], [399773],1.0.2027
Adware.SquareNet, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\866123140\IC-0.97A0AABFBCC79.EXE, Quarantined, [1203], [395692],1.0.2027
PUP.Optional.SwytShop, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\866123140\IC-0.E4942EC9DE62B.EXE, Quarantined, [3133], [368892],1.0.2027
Adware.Genius, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\GENIUS2.JS, Quarantined, [9076], [387358],1.0.2027
Trojan.Clicker, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\1494363272\S5M_INSTALL_325.ZIP, Quarantined, [26], [387412],1.0.2027
PUP.Optional.InstallCore, C:\USERS\ADMINISTRATOR\DOWNLOADS\FROOTVPN.EXE, Quarantined, [3], [78708],1.0.2027
PUP.Optional.WeatherBuddy, C:\WINDOWS\WEATHERBUDDY.INI, Quarantined, [1543], [388256],1.0.2027
PUP.Optional.InstallCore, C:\USERS\ADMINISTRATOR\DOWNLOADS\CYBERGHOST_6.0.4.2205.EXE, Quarantined, [3], [395467],1.0.2027
PUP.Optional.SysTweak, C:\USERS\ADMINISTRATOR\DOWNLOADS\WINTHRUSTER_2016_SETUP.EXE, Quarantined, [257], [114383],1.0.2027
PUP.Optional.DriverUpdate, C:\USERS\ADMINISTRATOR\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, Quarantined, [961], [331447],1.0.2027
PUP.Optional.AnonymizerGadget, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\866123140\IC-0.3C16D34590086.EXE, Quarantined, [1554], [338559],1.0.2027
PUP.Optional.SpyHunter, C:\USERS\ADMINISTRATOR\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [927], [345850],1.0.2027
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [556], [391431],1.0.2027
PUP.Optional.Trezaa, C:\WINDOWS\INSTALLER\3BD641.MSI, Quarantined, [8503], [100305],1.0.2027
PUP.Optional.NetRadio, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NETRADIO\NETRADIO MP.LNK, Quarantined, [9248], [255368],1.0.2027
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET\ANONYMIZERGADGET.LNK, Quarantined, [1151], [329210],1.0.2027
PUP.Optional.WinYahoo, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\NADO, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\bapi_chmm.dat, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\bapi_ff.dat, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\bapi_ie.dat, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\dori, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\install.log, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\leli.dat, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\memo.cfg, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\Sqlite3.dll, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\tini, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\toli, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\uninst.dat, Quarantined, [90], [246924],1.0.2027
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\{134D2511-37E5-49A9-5A7D-6C417E1590D9}\uninst.exe, Quarantined, [90], [246924],1.0.2027
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\65461cf6297978d620f7acf6eadef9e6\27f7f88f32a0ee20a85811369a47d3e3\00082cae1cb0ac04bcd7f6e2010910cb.ico, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\27f7f88f32a0ee20a85811369a47d3e3\7c2eb4de1a04970745991122f019815b.ico, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\27f7f88f32a0ee20a85811369a47d3e3\ccf943c61afb285e37f4a468a0a1fdfc.ico, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\7c2eb4de1a04970745991122f019815b.ico, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\80ac2e4b5933abf4e38a926b2d861d1f.cfg, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\80ac2e4b5933abf4e38a926b2d861d1f.inf, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\80ac2e4b5933abf4e38a926b2d861d1f.sys, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\84b6b322d31cb95eb97944848e3611f7.exe, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\bab1db35695dfb1377e18a338a755be7.exe, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\be145cc9cec67fdb854e8ab30d1f8bb6.exe, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\d8a318cbfce4925da937d548e6ab6e83.exe, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\f85b0091605d6cab6edb527ece04e564, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Wajam.Gen, C:\Program Files\65461cf6297978d620f7acf6eadef9e6\fe339bf9c3eb56bc3de4c4390bcdbf4f, Quarantined, [15593], [259462],1.0.2027
PUP.Optional.Iminent, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [3418], [239391],1.0.2027
PUP.Optional.NetRadio, C:\WINDOWS\SYSTEM32\TASKS\NETRADIOUPDATER, Quarantined, [9248], [255369],1.0.2027
PUP.Optional.WinResSync.Generic, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\PROTECT\b9bd2f55-2196-4eee-bd47-bffa91fc74b8.rs, Quarantined, [1476], [337554],1.0.2027

Physical Sector: 0
(No malicious items detected)


(end)



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 26 May 2017 - 05:17 PM

Good! Now let's do a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 scottl523

scottl523
  • Topic Starter

  • Members
  • 11 posts

Posted 27 May 2017 - 07:59 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Administrator (Administrator) on Sat 05/27/2017 at 20:27:46.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 14

Successfully deleted: C:\end (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal (File)
Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage (File)
Successfully deleted: C:\Users\Administrator\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375\user.js (File)
Successfully deleted: C:\Users\Administrator\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Google Update (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\IHUninstallTrackingTASK (Task)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BFD9D8A8-57FF-488A-B919-065EC77CF82F} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/27/2017 at 20:29:16.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v6.047 - Logfile created 27/05/2017 at 20:54:42
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-26.6 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Administrator - SCOTTSDESKTOP
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Administrator\AppData\Local\llssoft
[-] Folder deleted: C:\Users\Administrator\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea
[-] Folder deleted: C:\Program Files (x86)\Media Widget
[-] Folder deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\WINDOWS\SysWOW64\SSL


***** [ Files ] *****

[-] File deleted: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore\XZ9N87B6\gamingwonderland[1].xml
[-] File deleted: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore\TIWMFYZQ\myway[1].xml
[-] File deleted: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore\TIWMFYZQ\www.zwinky[1].xml
[-] File deleted: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore\S2ZM5QM2\myway[1].xml
[-] File deleted: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore\HS0HFO5B\www.zwinky[1].xml
[-] File deleted: C:\Users\Administrator\daemonprocess.txt
[-] File deleted: C:\Users\Administrator\AppData\Roaming\LiveSupport.exe_log.txt
[-] File deleted: C:\Users\Administrator\AppData\Roaming\regsvr32.exe_log.txt


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: IHSelfDeleteTASK


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.zwinky.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\RCMSmartViewBrowser.MM15SmtViewBox
[-] Key deleted: HKLM\SOFTWARE\Classes\RCMSmartViewBrowser.MM15SmtViewBox.1
[-] Key deleted: HKLM\SOFTWARE\Classes\RMMSearchPane.MM15CRMMSaveToSmtView
[-] Key deleted: HKLM\SOFTWARE\Classes\RMMSearchPane.MM15CRMMSaveToSmtView.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SmartViewBrowser.MM15SmtViewBrowser
[-] Key deleted: HKLM\SOFTWARE\Classes\SmartViewBrowser.MM15SmtViewBrowser.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\RCMSmartViewBrowser.MM15SmtViewBox
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\RCMSmartViewBrowser.MM15SmtViewBox.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\RMMSearchPane.MM15CRMMSaveToSmtView
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\RMMSearchPane.MM15CRMMSaveToSmtView.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SmartViewBrowser.MM15SmtViewBrowser
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SmartViewBrowser.MM15SmtViewBrowser.1
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\BSD
[-] Key deleted: HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\SoftSuma
[-] Key deleted: HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\BSD
[-] Key deleted: HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[#] Key deleted on reboot: HKU\S-1-5-18\Software\BSD
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SoftSuma
[#] Key deleted on reboot: HKCU\Software\BSD
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\CompeteInc
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\BSD
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\SoftSuma
[#] Key deleted on reboot: [x64] HKCU\Software\BSD
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\mobilegeni daemon
[-] Value deleted: HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WinResSync]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]


***** [ Web browsers ] *****

[-] [C:\Users\Administrator\AppData\Local\Chromium\User Data\Default] [extension] Deleted: edmgmpmklgfbohogafcfobonnkogchec
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7973 Bytes] - [27/05/2017 20:54:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [7812 Bytes] - [27/05/2017 20:52:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8119 Bytes] ##########
 



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 27 May 2017 - 10:24 PM

Good :) Now let's run a scan with FRST to see what's left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#10 scottl523

scottl523
  • Topic Starter

  • Members
  • 11 posts

Posted 28 May 2017 - 11:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by Administrator (administrator) on SCOTTSDESKTOP (28-05-2017 12:42:08)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBclk.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(SAVITECH) C:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NaturalPoint) C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
(Cisco) C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [852048 2015-09-23] (Qualcomm Atheros)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-11] (Realtek Semiconductor)
HKLM\...\Run: [SVLoadSense] => c:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe [1762000 2015-09-21] (SAVITECH)
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [557072 2016-08-12] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [211000 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatchTray15.exe [295112 2015-09-11] (Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1194808 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [2569528 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [86840 2015-06-03] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.12.577\ASUSWSLoader.exe [63968 2016-10-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132176 2015-09-23] (Qualcomm Atheros)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Amazon Music] => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [3494376 2016-12-14] ()
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [VideoGuardMonitor] => C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4809048 2015-07-08] (Disc Soft Ltd)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: G - "G:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: J - "J:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: {37c02375-ac34-11e6-82f7-806e6f6e6963} - "D:\.\Setup.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2fdc65f3-fe31-42a7-b223-bb0aecf05104}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{4f807caa-b8fa-4fd9-ac18-63a5fa7b84d1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76f4f927-4a7e-4e9c-8f57-fc04ed97ae43}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ce6a375d-40f6-4e4b-a9b3-b55d8dae7ada}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231882743927597&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131388381938894831&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> {A74C4F75-7F69-4486-8CCB-071025F7DCC8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-07] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

Edge:
======
Edge Session Restore: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 [2017-05-28]
FF NewTab: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF Keyword.URL: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF Extension: (Windstream Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-05-09] [not signed]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{94285e43-a27b-4f51-b280-00763ae7cd81}] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\{94285e43-a27b-4f51-b280-00763ae7cd81}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\WINDOWS\SysWoW64\npDeployJava1.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-09-04] (Windstream Communications)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/GoogleTalkPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/O1DPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-25] (Octoshape ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-01-03]

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-25]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-25]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-25]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [495816 2015-06-10] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-06-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-06-05] (ASUSTeK Computer Inc.)
R2 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [47280 2016-07-16] (Microsoft Corporation)
R2 ASUS LED Control Service; C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe [295352 2015-11-02] (TODO: <Company name>)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2394072 2016-10-11] (ASUSTeK Computer Inc.)
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [346424 2015-04-10] (ASUSTeK)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [23240 2015-09-10] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-22] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1281368 2015-07-08] (Disc Soft Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2017-02-24] (Foxit Software Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-06-10] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1317104 2016-12-25] (Overwolf LTD)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe [810696 2015-09-10] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxMediaDB15.exe [1097928 2015-09-11] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatch15.exe [342216 2015-09-11] (Corel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [78488 2015-09-23] (Qualcomm Atheros)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2016-12-13] (Disc Soft Ltd)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [530416 2015-06-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R0 FNETHYRAMAS; C:\WINDOWS\System32\drivers\FNETHYRAMAS.SYS [53848 2016-12-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2016-12-10] (FNet Co., Ltd.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2016-07-12] (ASUSTeK Computer Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-27] (Malwarebytes)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NFC_Driver; C:\WINDOWS\System32\drivers\NFC_Driver.sys [48336 2015-04-10] (Titan ARC Corp.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2012-07-10] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2356184 2015-09-22] (Qualcomm Atheros, Inc.)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [37032 2016-01-11] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [28840 2016-01-11] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [36520 2016-01-11] (Corel Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 SvThLSNS; c:\Program Files (x86)\SAVITECH\SVLoadSense\x64\SvThLSNS.sys [15184 2015-09-21] (Windows ® Win 7 DDK provider)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
U3 idsvc; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 12:42 - 2017-05-28 12:42 - 00044314 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-05-28 12:40 - 2017-05-28 12:40 - 02429952 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-05-28 12:40 - 2017-05-28 12:40 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-05-28 12:34 - 2017-05-28 12:34 - 02429952 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64(1).exe
2017-05-28 12:16 - 2017-05-28 12:16 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-05-28 12:16 - 2017-05-28 12:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
2017-05-28 12:15 - 2017-05-28 12:15 - 00000000 ___HD C:\OneDriveTemp
2017-05-27 20:55 - 2017-05-27 20:55 - 00000780 _____ C:\ProgramData\SharedProperties.xml
2017-05-27 20:51 - 2017-05-27 20:54 - 00000000 ____D C:\AdwCleaner
2017-05-27 20:29 - 2017-05-27 20:29 - 00002854 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-05-27 20:25 - 2017-05-27 20:25 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe
2017-05-26 15:20 - 2017-05-27 21:08 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-26 15:20 - 2017-05-27 20:55 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-26 15:20 - 2017-05-27 20:55 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-26 15:20 - 2017-05-26 15:20 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-26 15:20 - 2017-05-26 15:20 - 00001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 15:20 - 2017-05-26 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-26 15:20 - 2017-05-26 15:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-26 15:20 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-26 15:18 - 2017-05-26 15:19 - 63035592 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-1878.1878-3.1.2.1733.exe
2017-05-26 14:10 - 2017-05-27 20:20 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-05-26 13:21 - 2017-05-27 20:55 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 13:21 - 2017-05-26 15:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-26 13:21 - 2017-05-26 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-26 13:21 - 2017-05-26 13:54 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2017-05-25 18:52 - 2017-05-26 13:16 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-25 17:59 - 2017-05-25 18:21 - 00085488 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-05-25 17:59 - 2017-05-25 18:21 - 00079582 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-05-25 17:58 - 2017-05-28 12:42 - 00000000 ____D C:\FRST
2017-05-25 15:16 - 2017-05-25 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 10
2017-05-25 14:52 - 2017-05-25 17:52 - 00001053 _____ C:\WINDOWS\SysWOW64\SPLSRV.del
2017-05-25 14:51 - 2017-05-25 14:51 - 00003202 _____ C:\WINDOWS\System32\Tasks\SS2svc64Run
2017-05-25 14:51 - 2017-05-25 14:51 - 00003194 _____ C:\WINDOWS\System32\Tasks\SS2svc32Run
2017-05-25 13:00 - 2017-05-26 13:14 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAL.EXE
2017-05-25 12:58 - 2017-05-25 18:31 - 00000000 ____D C:\@RestoreQuarantine
2017-05-25 12:46 - 2017-05-25 18:31 - 00025506 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2017-05-25 12:36 - 2017-05-25 18:27 - 00000000 ____D C:\ProgramData\RegRun
2017-05-25 12:35 - 2017-05-25 18:30 - 00000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000000 ____D C:\Users\Administrator\Downloads\unhackme
2017-05-25 11:46 - 2017-05-25 11:51 - 18778928 _____ C:\Users\Administrator\Downloads\unhackme.zip
2017-05-24 17:49 - 2017-05-24 17:49 - 00542140 _____ C:\WINDOWS\Minidump\052417-8984-01.dmp
2017-05-24 15:20 - 2017-05-24 15:31 - 18357776 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\MediaCreationTool.exe
2017-05-24 15:19 - 2017-05-24 15:20 - 06385872 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows10Upgrade9252.exe
2017-05-24 14:59 - 2017-05-24 14:59 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-24 14:39 - 2017-05-24 14:39 - 00089088 _____ C:\Users\Administrator\Downloads\Georgia 2017 - ED LOWE  05-23-2017.pdf
2017-05-23 15:44 - 2017-05-23 15:49 - 00000000 ____D C:\Users\Administrator\Downloads\Acumen Application
2017-05-22 19:31 - 2017-05-22 19:34 - 11023528 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro.exe
2017-05-22 19:30 - 2017-05-22 19:30 - 04110280 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2017-05-22 19:19 - 2017-05-22 19:19 - 17091360 _____ (IObit) C:\Users\Administrator\Downloads\iobituninstaller-pro.exe
2017-05-22 19:11 - 2017-05-25 12:46 - 00000000 ____D C:\Program Files (x86)\Total Uninstaller
2017-05-22 19:11 - 2017-05-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstaller
2017-05-22 19:09 - 2017-05-22 19:11 - 02284872 _____ (Total Uninstaller, Inc. ) C:\Users\Administrator\Downloads\TotalUninstaller_Setup.exe
2017-05-22 17:21 - 2017-05-22 17:23 - 07986864 _____ ( ) C:\Users\Administrator\Downloads\AVG_Remover.exe
2017-05-21 10:54 - 2017-05-24 17:49 - 3725887019 _____ C:\WINDOWS\MEMORY.DMP
2017-05-21 10:54 - 2017-05-21 10:54 - 00553852 _____ C:\WINDOWS\Minidump\052117-7859-01.dmp
2017-05-19 17:13 - 2017-05-22 19:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-05-19 17:13 - 2017-05-19 17:13 - 00001076 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2017-05-19 17:13 - 2017-05-19 17:13 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2017-05-19 17:13 - 2017-05-19 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-05-19 17:12 - 2017-05-19 17:13 - 03086696 _____ C:\Users\Administrator\Downloads\instspeedfan452.exe
2017-05-19 16:04 - 2017-05-19 16:04 - 00545852 _____ C:\WINDOWS\Minidump\051917-7812-01.dmp
2017-05-19 12:43 - 2017-05-19 12:43 - 00545644 _____ C:\WINDOWS\Minidump\051917-7718-01.dmp
2017-05-18 14:35 - 2017-05-18 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-18 14:35 - 2017-05-01 16:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 14:33 - 2017-05-01 18:38 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35388864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35281528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 28623480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11024384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 10547440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09245744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09014792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 08805232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 04092088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03792320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03607464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03247736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01276128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01054144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00991168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00960960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00911992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00821184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00776048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00651200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-18 14:33 - 2017-05-01 18:38 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 14:29 - 2017-05-18 14:29 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-03 16:21 - 01893496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 01477240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-13 16:00 - 2017-05-13 16:00 - 00540244 _____ C:\WINDOWS\Minidump\051317-7921-01.dmp
2017-05-13 15:58 - 2017-05-13 15:58 - 00545852 _____ C:\WINDOWS\Minidump\051317-7984-01.dmp
2017-05-12 19:48 - 2017-05-12 19:48 - 06053013 _____ C:\Users\Administrator\Downloads\2015-Transit-Owners-Manual-version-3_om_EN-US_10_2014.pdf
2017-05-11 11:41 - 2017-05-11 11:41 - 00611540 _____ C:\WINDOWS\Minidump\051117-11968-01.dmp
2017-05-10 16:46 - 2017-05-10 16:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNP
2017-05-10 16:22 - 2017-05-10 16:22 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-10 15:38 - 2017-05-10 15:38 - 14012816 _____ C:\Users\Administrator\Downloads\DIR-885L-R_REVA_MANUAL_1.00_EN_US.PDF
2017-05-10 13:00 - 2017-05-10 13:01 - 00000000 ____D C:\Program Files\UNP
2017-05-10 13:00 - 2017-05-10 13:00 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windstream
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\Program Files\Windstream Support Center
2017-05-09 20:52 - 2017-05-25 10:59 - 00000000 ____D C:\Program Files (x86)\Windstream Support Center
2017-05-09 18:14 - 2017-04-28 20:59 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-09 18:14 - 2017-04-28 20:59 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 17:16 - 2017-05-22 17:35 - 00001291 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-09 16:55 - 2017-05-26 13:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\oegdoby
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\c
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\cjksuosz
2017-05-09 10:59 - 2017-05-09 10:59 - 01548288 _____ C:\WINDOWS\baee17b245f0cc69f0cde0a5451eca68.exe
2017-05-09 10:59 - 2017-05-09 10:59 - 00051619 _____ C:\WINDOWS\uninstaller.dat
2017-05-04 18:41 - 2017-05-04 18:41 - 01892937 _____ C:\Users\Administrator\Documents\Ferris Operators Manual.pdf
2017-05-04 18:39 - 2017-05-04 18:40 - 02002024 _____ C:\Users\Administrator\Downloads\heCyEN8goF4rE7CWn59bp796Dq.PDF
2017-05-01 14:56 - 2017-05-01 14:56 - 02474920 _____ C:\Users\Administrator\Downloads\hppiw.exe
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-04-29 14:29 - 2017-04-29 14:33 - 00002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-04-29 14:29 - 2017-04-29 14:29 - 00001255 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.7.2.lnk
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-04-29 14:29 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-04-28 14:58 - 2017-05-25 10:54 - 00000000 ____D C:\WINDOWS\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 12:35 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-28 12:25 - 2016-12-23 17:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-28 12:16 - 2016-12-17 15:10 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-05-28 12:16 - 2016-06-01 04:57 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-05-28 12:15 - 2016-09-28 13:12 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-05-27 21:01 - 2016-09-27 19:06 - 04284808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-27 20:55 - 2016-09-27 19:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-27 20:55 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-27 20:55 - 2014-01-22 16:46 - 00000000 ____D C:\ProgramData\TEMP
2017-05-27 20:54 - 2016-09-27 19:06 - 00000000 ____D C:\Users\Administrator
2017-05-27 20:54 - 2016-06-08 03:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2017-05-27 20:54 - 2016-06-08 03:29 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\IObit
2017-05-27 20:54 - 2016-06-08 03:28 - 00000000 ____D C:\ProgramData\IObit
2017-05-27 20:54 - 2016-06-08 03:28 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-27 20:23 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-27 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-26 21:58 - 2016-09-27 19:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-26 15:27 - 2014-11-17 20:20 - 00000683 _____ C:\ProgramData\EventStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000545 _____ C:\ProgramData\CampaignStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000424 _____ C:\ProgramData\SoftwareVersionStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000150 _____ C:\ProgramData\SubscriberStatusStore.json
2017-05-26 15:27 - 2014-11-17 16:31 - 00000619 _____ C:\ProgramData\SubscriptionStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000583 _____ C:\ProgramData\UpgradeStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000412 _____ C:\ProgramData\ConfigurationStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000408 _____ C:\ProgramData\FulfillmentStateMachineStores.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000066 _____ C:\ProgramData\AaaAuthorizationStore.json
2017-05-26 15:26 - 2015-08-25 11:14 - 00000000 __SHD C:\ProgramData\Windows 7
2017-05-26 14:07 - 2016-12-17 15:28 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-26 14:07 - 2016-12-17 15:28 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-26 13:53 - 2016-06-25 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\1acb574
2017-05-26 13:53 - 2015-12-06 17:36 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition
2017-05-26 13:53 - 2015-08-25 11:14 - 00000000 __SHD C:\ProgramData\Google
2017-05-25 18:59 - 2016-06-01 04:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-05-25 15:16 - 2016-10-10 16:08 - 00000000 ____D C:\Program Files\LSoft Technologies
2017-05-25 12:49 - 2016-09-27 19:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-05-25 12:48 - 2016-12-10 17:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-05-25 12:45 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2017-05-25 12:44 - 2011-03-27 17:20 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-05-24 17:49 - 2016-12-12 20:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-24 16:18 - 2014-07-03 17:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-05-24 14:59 - 2016-09-27 23:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-24 13:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-23 16:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-23 15:25 - 2009-07-13 22:34 - 00000782 _____ C:\WINDOWS\win.ini
2017-05-22 17:33 - 2013-12-28 15:34 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 17:33 - 2013-12-28 15:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 17:23 - 2015-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\GeoComply
2017-05-22 16:43 - 2016-12-21 17:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-22 16:43 - 2013-12-23 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 15:05 - 2016-12-23 17:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-05-21 19:38 - 2016-06-26 06:52 - 00000000 ____D C:\Users\Administrator\Documents\The Witcher 3
2017-05-19 16:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-18 14:41 - 2013-12-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-05-18 14:41 - 2013-12-23 17:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-05-18 14:41 - 2011-03-27 16:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-18 14:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-18 14:35 - 2016-06-01 04:45 - 00000000 ____D C:\Temp
2017-05-18 14:29 - 2016-12-24 17:00 - 00001527 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-15 15:28 - 2014-01-02 17:24 - 00013154 _____ C:\Users\Administrator\Documents\Copy of Check list-1.xlsx
2017-05-13 17:13 - 2015-12-21 18:38 - 00016765 _____ C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2017-05-11 16:56 - 2016-08-01 19:12 - 00000000 ____D C:\Program Files (x86)\SetupODM
2017-05-11 16:56 - 2016-08-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-10 16:22 - 2017-04-21 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-10 15:10 - 2016-09-28 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-05-09 20:52 - 2014-07-01 17:04 - 00000000 ____D C:\Program Files (x86)\Windstream
2017-05-09 17:02 - 2015-07-16 16:11 - 00000000 ____D C:\Users\Administrator\Documents\RC Car Stuff
2017-05-08 18:01 - 2013-12-28 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\tixati
2017-05-04 17:28 - 2015-05-27 15:43 - 02723221 _____ C:\Users\Administrator\Documents\Ferris Parts Manual.pdf
2017-05-03 16:21 - 2016-12-24 17:00 - 01755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 01317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 00121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-05-03 15:28 - 2016-12-24 17:00 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-01 16:52 - 2016-12-23 17:27 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 16:51 - 2016-12-23 17:27 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-01 16:13 - 2016-12-08 18:03 - 00000000 __SHD C:\Users\Administrator\80BhjWWuhFVb7qpi
2017-05-01 16:13 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-01 14:59 - 2013-12-31 17:11 - 00000000 ____D C:\Users\Administrator\Documents\My Scans
2017-04-29 19:44 - 2016-12-17 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 19:44 - 2016-09-27 19:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003692 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core
2017-04-29 15:50 - 2016-06-01 04:44 - 00000995 _____ C:\WINDOWS\Ascd_ProcessLog.ini
2017-04-29 15:48 - 2013-12-23 01:55 - 00055481 _____ C:\WINDOWS\Ascd_tmp.ini
2017-04-29 15:29 - 2016-01-12 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-29 14:29 - 2016-09-27 19:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 14:29 - 2016-06-01 04:45 - 00000000 ____D C:\Program Files\Intel
2017-04-29 14:29 - 2013-12-27 14:05 - 00000000 ____D C:\ProgramData\Intel

==================== Files in the root of some directories =======

2014-05-29 13:32 - 2014-05-29 14:25 - 0000097 _____ () C:\Users\Administrator\AppData\Roaming\LauncherSettings_live.cfg
2015-12-21 18:38 - 2017-05-13 17:13 - 0016765 _____ () C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2014-02-20 18:18 - 2015-07-04 13:18 - 0000215 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2017-03-18 20:26 - 2017-03-18 20:26 - 0006419 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2016-12-21 19:47 - 2016-12-21 20:24 - 82116608 _____ () C:\Users\Administrator\AppData\Local\rx_image32.Cache
2014-11-17 16:31 - 2017-05-26 15:27 - 0000066 _____ () C:\ProgramData\AaaAuthorizationStore.json
2014-11-17 20:20 - 2017-05-26 15:27 - 0000545 _____ () C:\ProgramData\CampaignStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000412 _____ () C:\ProgramData\ConfigurationStore.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000683 _____ () C:\ProgramData\EventStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000408 _____ () C:\ProgramData\FulfillmentStateMachineStores.xml
2017-01-04 17:24 - 2017-03-18 20:41 - 0012890 _____ () C:\ProgramData\hpzinstall.log
2017-01-04 17:28 - 2017-01-09 16:06 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 14:55 - 2017-01-04 17:27 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2015-09-22 06:40 - 2015-09-22 06:40 - 0002457 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2017-05-27 20:55 - 2017-05-27 20:55 - 0000780 _____ () C:\ProgramData\SharedProperties.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000424 _____ () C:\ProgramData\SoftwareVersionStore.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000150 _____ () C:\ProgramData\SubscriberStatusStore.json
2014-11-17 16:31 - 2017-05-26 15:27 - 0000619 _____ () C:\ProgramData\SubscriptionStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000583 _____ () C:\ProgramData\UpgradeStore.xml

Some files in TEMP:
====================
2017-03-20 16:01 - 2017-03-20 16:01 - 0011264 _____ ( ) C:\Users\Administrator\AppData\Local\Temp\3wjlapnv.dll
2017-05-09 20:51 - 2013-10-22 12:57 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC210.tmp.exe
2017-05-09 20:51 - 2013-10-22 16:15 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC57B.tmp.exe
2017-01-24 17:18 - 2017-01-20 10:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
2017-04-10 16:32 - 2017-03-31 21:36 - 0868152 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-14 19:15 - 2017-03-31 21:36 - 0369208 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-05-22 19:00 - 2017-05-22 19:00 - 0192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 13:56 - 2015-02-10 13:56 - 0105984 _____ () C:\Users\Administrator\AppData\Local\Temp\sfextra.dll
2017-03-18 19:33 - 2017-01-18 09:16 - 0133808 _____ (mIRC Co. Ltd.) C:\Users\Administrator\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-18 12:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by Administrator (28-05-2017 12:42:34)
Running from C:\Users\Administrator\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-28 17:10:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1629833701-3699544217-3734216812-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1629833701-3699544217-3734216812-503 - Limited - Disabled)
Guest (S-1-5-21-1629833701-3699544217-3734216812-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (Version: 7.1 - Intel) Hidden
. . . (x32 Version: 2.7.2.4 - Intel) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.15 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0915-000001000000}) (Version: 9.15.00.0 - Igor Pavlov)
Active@ KillDisk 10 (HKLM\...\{6A633DB7-06E4-4EF1-8FD1-7F8812C590AD}_is1) (Version: 10 - LSoft Technologies Inc)
Active@ KillDisk Professional 10 (HKLM\...\{C932B116-1A14-400B-B0E3-81A86905FF25}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.28 - ASUSTeK Computer Inc.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Amazon Music (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Amazon Amazon Music) (Version: 5.3.2.1634 - Amazon Services LLC)
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 10.1.14393.33 - Microsoft) Hidden
Ares (HKLM-x32\...\Ares) (Version: 2.4.2-Build#3066 - AresGalaxy)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS HomeCloud Launcher (HKLM-x32\...\4ff11ffb-5880-4338-90e0-1502e835b184) (Version: 1.01.04 - ASUSTeK Computer Inc.)
ASUS Lighting Control (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.01.02 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.30 - ASUSTeK Computer Inc.)
Asus Sonic Suite Plugins (HKLM-x32\...\{c5017606-8bde-4f85-94f4-ba61dcf59860}) (Version: 2.2.2801 - ASUSTeKcomputer.Inc)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BbeXtreme (x32 Version: 12.5.0 - Bluebeam Software) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software)
Bluebeam Revu x64 12 (Version: 12.5.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C510 (x32 Version: 140.0.344.000 - Hewlett-Packard) Hidden
CheckDevicesConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Contents (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
CPUID ROG CPU-Z 1.73 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.73 - CPUID, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0486 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
Dragger32 (HKLM-x32\...\Dragger32) (Version:  - )
Dropbox (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EasyBCD 2.0 (HKLM-x32\...\EasyBCD) (Version: 2.0 - NeoSmart Technologies)
Fallout 4 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0080}) (Version: 6.0 - Black Box)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.4.2.0 - GIANTS Software)
FileZilla Client 3.3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.5.1 - )
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{4A0F12EE-FA84-11E6-8204-000C29FC3B44}) (Version: 8.2.1.6871 - Foxit Software Inc.)
GeoComply Autoupdate (x32 Version: 1.0.0.0 - GeoComply) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.6.14.19 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HyStream (HKLM-x32\...\{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
ICA (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Infinite HD™ App (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
IPM_VS_Pro (x32 Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LauncherSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.10.3 - Marvell)
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 3.00.15 - ASUSTeK Computer Inc.)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.22 - ASUSTeK Computer Inc.)
Microangelo On Display (x64) (HKLM\...\{344A17D9-DE25-4E77-B089-E7F0A0AF2AE7}) (Version: 6.10.70 - Impact Software)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 53.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x64 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSI Development Tools (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NahimicSettingsConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 10 (HKLM\...\{C78478E6-8206-470E-B843-0204995371C6}) (Version: 10.5.1.17 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.101.26.0 - Overwolf Ltd.)
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Player Location Check (HKLM-x32\...\{1E9707E3-86E8-4D1F-A7FB-7D0EEBA1863D}) (Version: 3.0.2.10 - GeoComply)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.0.2.10,3.0.4.3 - GeoComply)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
ProductDaemonSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Python 2.7 pywin32-219 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
QuadStick (HKLM-x32\...\QuadStick) (Version: 2.01 - QuadStick)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.0097 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 4.0.0.601 - Qualcomm Atheros Communications)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.32 - ASUSTeK Computer Inc.)
ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ROGRAMCACHE (HKLM-x32\...\ROGRAMCACHE) (Version: 3.01.06 - ASUSTeKcomputer Inc)
Roxio Creator NXT 4 (HKLM-x32\...\{7E0B6CC0-B46F-4145-B0BF-026659C6B095}) (Version: 17.0.70.2 - Roxio)
Roxio MyDVD (HKLM-x32\...\{A27A9721-C0D9-483C-87D3-78988A72EDB1}) (Version: 1.0 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SDK Debuggers (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Share (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SmartNAV (HKLM-x32\...\{00126F77-7EFC-472D-AD35-C6BD971582AA}) (Version:  - )
SmartNav (HKLM-x32\...\{519e374d-b0ee-4c2c-a630-4e940c11e55b}) (Version: 3.20.037 - NaturalPoint)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Sniper Elite 3 (HKLM-x32\...\Sniper Elite 3_is1) (Version:  - )
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SonicRadarSetup (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Sound Blaster X-Fi MB (HKLM-x32\...\{818690C7-8DA5-4623-BBA8-A73CFBD44077}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spintires (HKLM-x32\...\Spintires_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SVLoadSense (HKLM-x32\...\{C4226734-F925-448C-8F15-0D5419F003DF}) (Version: 1.0.12 - SAVITECH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\{EAABE756-8A47-440F-AAC7-2F6BFF589169}) (Version: 6.0 - Black Box)
The Witcher 3 Wild Hunt version 1.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.0.0 - Bandai Namco)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Total Uninstaller version 3.1.9.60 (HKLM-x32\...\{A32F00F2-F342-4B23-A74B-D83B881D980B}_is1) (Version: 3.1.9.60 - Total Uninstaller, Inc.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.18 - )
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSClassic (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.12.577 - ASUS Cloud Corporation)
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM-x32\...\Windstream_BCUC) (Version:  - )
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Wondershare Video Converter Ultimate 8.8.0.3 (HKLM-x32\...\Wondershare Video Converter Ultimate 8.8.0.3) (Version: 8.8.0.3 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)
WPT Redistributables (x32 Version: 10.1.14393.33 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.14393.33 - Microsoft) Hidden
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
XTUPackageWin7 (HKLM-x32\...\{9B03AE9C-B3E5-46CB-837E-454BDB5D4F3E}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 4\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0B18FAE7-35CE-4D82-92AD-12EF54116E93} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()
Task: {0E582723-83A6-456C-B9D5-0E871CE9F840} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {10F242E1-5603-406A-A36F-50EF9A76D1EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {12516ECF-053A-495B-BDA9-41E524D7FACF} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2016-11-02] ()
Task: {1D72E4BE-EFB5-45F0-B3AA-F9AF25C13C40} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {2356FE9B-F6F7-41FA-A46A-01C81111F404} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2BD9ABF9-2E9D-4599-B9BE-E301F45E63E4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2016-11-08] (ASUSTeK Computer Inc.)
Task: {2C7A54A8-42CF-4540-8B89-85C2C21D99C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F620946-0EAE-47C5-8571-3909D30F5042} - \ASUS\GpuFanHelper -> No File <==== ATTENTION
Task: {30250277-94E2-49CD-97F2-F48D6E6B0E6C} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2015-06-25] ()
Task: {3776ABEB-9B54-41F9-9584-0990C5474ECA} - System32\Tasks\ASUS\RamDisk => C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe [2014-02-17] ()
Task: {3D1D530B-6BE6-4A78-A348-979253AC690C} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {451B2062-11A5-4196-8660-4B63277E13A1} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {45996489-5FF6-4D87-8DAD-4809C2E71D09} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4AE49800-4BA1-46B5-B80E-0B7F5792BB71} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D13C40D-DC55-418D-B9B6-72B4AE14AAB1} - System32\Tasks\GC Remove old autoupdate => cmd.exe /c rd /S /Q "C:\Program Files (x86)\GeoComply\Update"
Task: {4F80FA1A-B93E-489C-A5D9-6664950D5163} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {50A33E96-4799-475C-88E1-6A17FCABAE3F} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {5612F2F1-CDB5-44FC-9488-696B18FC0B8A} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {57B58F2B-C6CE-4B23-9763-350094F549B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {585378D9-D019-4446-8696-C5EC8E02043B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {5B16CE5E-D45E-48E6-AAED-A4A7CA3BE15B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5FBC0159-2CA8-4816-9D84-DAB5793097F3} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {60A2F600-603B-461A-A151-AFCADE6AAA69} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {67F08CAF-1320-490E-A390-728429522544} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {705EBF73-122F-43D7-A16C-7127906D3C58} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2016-08-12] ()
Task: {77D48ABE-634D-4A24-B86D-1C5DDBE380E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {796C63D9-9943-44EB-A736-60470293CCD8} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {79994E8B-BABD-4493-895F-5DECFC0FE030} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2016-08-12] ()
Task: {7AAD5C96-215A-44BF-902D-19FCB1B22868} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {7F122C0F-2586-40D2-BB8B-01FF508DF2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {8471D845-8565-4169-81D5-41E3CD53B23B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {8A10F916-9AD9-46E0-986B-4BD53DA10B9E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {8C4E4DC2-6C30-42D1-908B-58A491851E07} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {8CFCE851-24D7-491A-B349-B696263B628C} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {90431E1A-F669-4925-B0AB-4158ABEF775A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {90CCAC22-C8F0-4E2E-9C15-0C949BB8405C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {966E22DD-C6B2-4BDF-A4F5-4B9E4774D3FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {9C58625D-9CFE-485E-AA49-C82E54229614} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {9DAB181A-19A0-4046-87FC-31E043196C5C} - System32\Tasks\ASUS\HyStream service => C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe [2015-06-12] (ASUSTeK Computer Inc.)
Task: {A1737B59-4FED-4E5A-AE75-3FF54A245E45} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2016-08-12] ()
Task: {A19514E9-5403-4FF3-8864-FD171553234E} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {A711E1BF-224D-4E46-879A-222B0E54EFE0} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {A9D072BE-92F5-4C50-974F-DBA831F88A71} - System32\Tasks\Amazon Music Helper => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [2016-12-14] ()
Task: {AC4D4FE3-DC02-4806-ADBD-32E3F3600347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {AD8247BE-1C65-4373-A009-0552C27AE504} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2015-05-12] ()
Task: {AE00BB64-DE6D-4127-8857-FD35897A44B2} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {B0544000-535D-4842-865D-7046AE2F3026} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B15E28D1-9A55-4C50-A320-0226DA784EF8} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {B4A400B7-EF99-4331-9CDE-A13B35502E56} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B623A972-9F59-48BD-93EF-A2E587D48582} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {B76EC1BA-4373-42B3-9D61-5B06470FE076} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {BA054CFC-8721-4507-9FD3-54A2CC0F9DA4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-12-25] (Overwolf LTD)
Task: {BA5F0AF4-BA35-4C13-BF60-BD7B5A186F54} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {BB1301BE-514D-40D8-93A3-A80A962AC7AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BE8617E1-7E9B-43A7-A009-7CAAA069BD1B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {C2DE7849-4F1F-4571-B3C3-F3F0CE6F2A8D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C3A887E9-4B6E-42B2-9446-B8AE43476FB8} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {CA169E1A-4272-4859-858B-FF2705ED4464} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {CF8B4CC3-6963-4542-B483-E55688087E2F} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {D264D02C-3982-499F-AFD6-C86D234342F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D2851A53-3044-4564-8D1E-C0C57E76461E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D457091E-29B0-417E-8DA0-B05048AFBC25} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {D4C23683-A5A1-4463-BF5F-1AF31BAECD65} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {D5990566-AA92-4A88-9535-97AC26BAD25C} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {D5DCAA1E-2742-4216-B791-887132250771} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7FF46F2-68F4-4599-90A8-CA7B7F88EC33} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {D860070B-9F40-4839-BBED-C0B2679B079C} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {DC367917-8A9E-424E-9195-2A4BC7D4CC35} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {E5E7FDB7-BAD9-4B02-8265-4072F9627933} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E6122E9F-63D7-4247-9977-84CCCC3AF70D} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {F0524044-F42B-405F-9EC1-631038BE74F0} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-03-25] (ASUSTeK Computer Inc.)
Task: {F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {F6746179-907D-470F-96DD-0748E3263F66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {F9CF821A-B864-4EF6-BD19-E2CAFE713809} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} - \WPD\SqmUpload_S-1-5-21-1629833701-3699544217-3734216812-500 -> No File <==== ATTENTION
Task: {FEF96465-9752-437B-BF18-A4D4044D55D8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {FF0907A6-4E10-4645-A083-F3C0B689FCA6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrator\AppData\Local\1acb574\eb8c672.lnk -> C:\Users\Administrator\AppData\Local\1acb574\2fdf534.bat (No File)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-06-10 11:20 - 2015-06-10 11:20 - 00495816 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00023240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 00418968 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 02543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2016-12-24 17:00 - 2017-05-03 16:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2015-06-05 07:00 - 2015-06-05 07:00 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-05-26 15:20 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-09-10 02:06 - 2015-09-10 02:06 - 00810696 _____ () C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 17:30 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-23 17:27 - 2017-05-01 16:51 - 00133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-05 13:45 - 2016-11-02 15:04 - 01290200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-08-12 13:17 - 2016-08-12 13:17 - 00287760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll
2016-08-12 13:17 - 2016-08-12 13:17 - 00209936 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll
2016-12-08 18:02 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2016-12-19 18:18 - 2016-12-14 17:41 - 03494376 _____ () C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-12-13 18:47 - 2015-05-12 22:49 - 00304952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2016-12-13 18:48 - 2015-06-25 11:42 - 01986872 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2016-12-19 19:24 - 2015-08-31 15:25 - 01460176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2009-03-30 10:32 - 2009-03-30 10:32 - 00032768 ____R () C:\Windows\DAODx.exe
2016-09-27 23:02 - 2016-09-27 23:02 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 16:31 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 16:31 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 17:30 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 17:30 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 17:30 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-25 15:05 - 2017-05-25 15:07 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-26 13:54 - 2015-05-14 10:18 - 01075712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-12-26 13:54 - 2014-08-28 11:37 - 00033424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-09-23 06:02 - 2015-09-23 06:02 - 00089680 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2015-09-23 06:01 - 2015-09-23 06:01 - 00384080 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2016-12-10 17:37 - 2016-08-11 21:29 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2016-12-13 18:47 - 2015-07-07 18:07 - 01194808 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
2016-12-13 18:47 - 2015-07-07 18:07 - 02569528 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
2016-12-13 18:47 - 2015-06-03 20:46 - 00086840 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 00557072 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 02741760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe
2016-08-12 13:18 - 2016-08-12 13:18 - 00486400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe
2015-09-10 01:04 - 2015-09-10 01:04 - 03325640 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00525000 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00109256 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2016-06-08 03:29 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-05-27 20:55 - 2017-05-27 20:55 - 00042792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-06-01 04:46 - 2015-06-05 07:00 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-01-27 18:11 - 2017-05-03 16:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00268248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00786416 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00886232 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00828376 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00848344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2017-02-05 13:45 - 2016-11-02 15:06 - 04784088 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-12-19 19:24 - 2015-05-21 23:57 - 01141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-12-26 13:54 - 2015-11-05 12:13 - 01464320 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 00061440 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Exeio.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 01752576 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Vender.dll
2017-02-05 13:41 - 2016-08-05 03:25 - 00669656 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMLib.dll
2016-12-26 13:54 - 2012-01-19 10:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2016-06-01 04:54 - 2015-08-20 10:44 - 00064000 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2016-12-13 18:48 - 2015-06-05 10:37 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2016-12-19 19:24 - 2015-08-31 15:21 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-12-19 19:24 - 2015-08-14 12:23 - 00621056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2016-12-19 19:24 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2013-12-23 17:06 - 2010-02-08 03:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2013-12-23 17:06 - 2008-12-10 06:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2016-12-26 13:54 - 2013-11-20 11:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-12-26 13:54 - 2013-07-02 11:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2016-12-24 17:00 - 2017-05-03 16:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-12-30 18:30 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2016-12-13 18:47 - 2015-05-12 22:49 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\pngio.dll
2016-08-12 13:15 - 2016-08-12 13:15 - 00098816 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00178704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2DevProps.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00256016 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
2016-11-28 07:48 - 2016-11-28 07:47 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Documents\TURN Q PLUS.pdf:Roxio EMC Stream [38]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-12-07 16:35 - 00001120 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       idb.iobit.com
127.0.0.1       asc55.iobit.com
127.0.0.1       is360.iobit.com
127.0.0.1       asc.iobit.com
127.0.0.1       pf.iobit.com
127.0.0.1       98.129.229.186
127.0.0.1       www.iana.org
127.0.0.1       iana.org#    ::1             localhost
127.0.0.1 54.83.135.167
127.0.0.1 54.83.135.167

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Control Panel\Desktop\\Wallpaper -> c:\users\administrator\pictures\dale-earnhardt-jr-elliott-21916-getty-ftrjpg_1bgtyq4z67iuf1xydrt0jhtl19.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Aero_PowerShell => "C:\WINDOWS\PSGlass.exe"
MSCONFIG\startupreg: Full glass => "C:\WINDOWS\Full glass.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_0BB272A9872478589BC035827915AEFF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Advanced SystemCare 9"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38D3FF0C-B452-4CF1-95A3-00CFC09F879F}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{B8C67B83-EFE9-47CC-AD2E-9115B77F3C6C}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{5CB56A16-AFFD-44F2-87C6-43435B74F613}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [{6AEAE0EF-DDD3-47F2-ACE4-6AB59C0758A9}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [TCP Query User{EA14CCF8-C501-4475-9144-EB87D49C93C3}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{19DC2B5F-B1A3-4691-A6A9-CE61046958D7}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{630A1828-2F97-4C5D-831D-23FA9994FFF3}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{5973780D-64AA-4B23-B2DC-671A75CF3615}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{D499C1A2-0CA1-447D-9302-76591856F8F6}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A2EEEE3A-BD0C-4BED-BA7F-F3411B5549EE}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{6D017E33-C1C0-46A3-ADB0-3DF57048B919}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{5129867F-B87F-4266-909B-07E638804735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{149557DA-4B8B-47E0-AA03-131449DFA35F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{208C5723-2F44-4560-B650-8914E7E64A13}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [UDP Query User{07B7BE6D-F649-4128-8304-7A384ABA7826}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [TCP Query User{6918DFA8-87E8-4027-8405-2F9CF4A7D05E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00559E98-3916-48DC-A8A6-AD75FFA915A3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A79E40DE-6380-4AFB-AA54-23574273E171}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{5F020567-98F3-444F-B367-FD95695F4C8E}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{CD3D67BF-83F8-4F57-820B-FBBF533AE3B5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{2B8FE0B7-2AC3-4966-97EB-4078B1292A7B}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{DDD44D35-E1A6-4F49-90D4-A515FFBB1E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E2D27074-5084-4462-8943-43062837672F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F96F4464-FF4A-421F-88E4-783BC81C0752}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{348FA78A-AC70-4E7A-9E36-0BA44E9504CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB4AD3C1-8B02-4CF2-8FEA-247ACFD50461}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2C9D40C9-AB17-4C38-8AE2-975EB2643729}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{A545C370-DA94-4316-B6FC-2CA54BFB1CE7}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{39C84AFE-71D9-4028-BA7C-00E824A8CB9A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{A884A74E-31EA-4472-A82F-AC8E9F94C4E8}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [TCP Query User{B69489D3-E2A0-4C72-84ED-B47010BAE8DF}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{4548E515-728A-4C49-B006-71095CFD449C}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{2E0248B7-3CCD-4898-B4AB-7F185D2CA03C}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{508EF44A-DCEF-42AE-AB66-DFFF85234D26}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{A42688B2-3745-4A46-A7FE-F78B5213B819}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A381CD22-AC68-4FDE-AD84-3790D0C067E0}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{8BDF1218-1500-4E66-94DB-CB9AF7F756AE}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{3DC10B0D-4F10-465B-A1A2-0C40C1E3AEEF}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{CAD801B7-A6E7-4949-AFAF-10DE7BFB4681}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{7C8F27A0-A501-4BE3-856B-C72531B5A0A8}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{9F6C3B98-EA12-4B6B-8E03-4D1B2297D6F9}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{8DB90FDF-2621-45FA-B10D-60D583CAAED6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C91E2884-6076-4DE0-9BB7-4780FAE41D5C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{DFBD0313-4D3C-4121-B4FF-AC723D9BDBCA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe

==================== Restore Points =========================

25-05-2017 12:41:45 UnHackMe Malware Removal
25-05-2017 12:44:44 Removed Itibiti RTC
25-05-2017 12:45:14 Removed Browser Configuration Utility.
27-05-2017 20:27:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Photosmart eStn C510 series
Description: Photosmart eStn C510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Ethernet Connection (2) I219-V
Description: Intel® Ethernet Connection (2) I219-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1iexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2017 12:20:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:19:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/28/2017 12:15:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second


System errors:
=============
Error: (05/28/2017 12:35:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: 2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4019472).

Error: (05/28/2017 12:15:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 12:15:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 12:15:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/27/2017 08:55:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uxpatch service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/27/2017 08:55:44 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: uxpatch.sys


CodeIntegrity:
===================================
  Date: 2017-05-26 16:49:31.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 16:10:08.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 12:00:58.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-25 12:00:58.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-05-25 12:00:58.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-05-24 13:52:11.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-23 14:44:57.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-22 17:45:36.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-19 16:10:56.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-19 16:10:56.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16322.69 MB
Available physical RAM: 11983.69 MB
Total Virtual: 32706.69 MB
Available Virtual: 28021.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:134.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MB Support CD) (CDROM) (Total:5.92 GB) (Free:0 GB) CDFS
Drive e: (Storage Drive) (Fixed) (Total:931.51 GB) (Free:89.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Intel SSD) (Fixed) (Total:223.57 GB) (Free:23.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98BBCFEF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 57FC04A8)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00163EA5)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 3 (Size: 2 MB) (Disk ID: 6F20736B)
No partition Table on disk 3.
Disk 3 is a removable device.

==================== End of Addition.txt ============================



#11 scottl523

  • Topic Starter

  • Members
  • 11 posts

Posted 28 May 2017 - 11:51 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by Administrator (administrator) on SCOTTSDESKTOP (28-05-2017 12:42:08)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBclk.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(SAVITECH) C:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NaturalPoint) C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
(Cisco) C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [852048 2015-09-23] (Qualcomm Atheros)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-11] (Realtek Semiconductor)
HKLM\...\Run: [SVLoadSense] => c:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe [1762000 2015-09-21] (SAVITECH)
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [557072 2016-08-12] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [211000 2014-07-23] (Bluebeam Software, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatchTray15.exe [295112 2015-09-11] (Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1194808 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [2569528 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [86840 2015-06-03] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.12.577\ASUSWSLoader.exe [63968 2016-10-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132176 2015-09-23] (Qualcomm Atheros)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [Amazon Music] => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [3494376 2016-12-14] ()
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe [394864 2012-07-30] (NaturalPoint)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [VideoGuardMonitor] => C:\Users\Administrator\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4809048 2015-07-08] (Disc Soft Ltd)
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: G - "G:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: J - "J:\Setup.exe"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\MountPoints2: {37c02375-ac34-11e6-82f7-806e6f6e6963} - "D:\.\Setup.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2fdc65f3-fe31-42a7-b223-bb0aecf05104}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{4f807caa-b8fa-4fd9-ac18-63a5fa7b84d1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76f4f927-4a7e-4e9c-8f57-fc04ed97ae43}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ce6a375d-40f6-4e4b-a9b3-b55d8dae7ada}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231882743927597&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131388381938894831&GUID=27B26C8D-7620-4838-96B0-F0A8975563CE
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> {A74C4F75-7F69-4486-8CCB-071025F7DCC8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-07] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-24] (Google Inc.)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

Edge:
======
Edge Session Restore: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 [2017-05-28]
FF NewTab: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF Keyword.URL: Mozilla\Firefox\Profiles\4qg5t0wy.default-1464769854375 ->
FF Extension: (Windstream Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-05-09] [not signed]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{94285e43-a27b-4f51-b280-00763ae7cd81}] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\{94285e43-a27b-4f51-b280-00763ae7cd81}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\WINDOWS\SysWoW64\npDeployJava1.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-09-04] (Windstream Communications)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/GoogleTalkPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @talk.google.com/O1DPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1629833701-3699544217-3734216812-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-25] (Octoshape ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-01-03]

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-25]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-25]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-25]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [495816 2015-06-10] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-06-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-06-05] (ASUSTeK Computer Inc.)
R2 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [47280 2016-07-16] (Microsoft Corporation)
R2 ASUS LED Control Service; C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe [295352 2015-11-02] (TODO: <Company name>)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2394072 2016-10-11] (ASUSTeK Computer Inc.)
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [346424 2015-04-10] (ASUSTeK)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [23240 2015-09-10] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-22] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1281368 2015-07-08] (Disc Soft Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2017-02-24] (Foxit Software Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-06-10] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1317104 2016-12-25] (Overwolf LTD)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe [810696 2015-09-10] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxMediaDB15.exe [1097928 2015-09-11] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 4\Common\RoxWatch15.exe [342216 2015-09-11] (Corel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [78488 2015-09-23] (Qualcomm Atheros)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2016-12-13] (Disc Soft Ltd)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [530416 2015-06-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R0 FNETHYRAMAS; C:\WINDOWS\System32\drivers\FNETHYRAMAS.SYS [53848 2016-12-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2016-12-10] (FNet Co., Ltd.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2016-07-12] (ASUSTeK Computer Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-27] (Malwarebytes)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NFC_Driver; C:\WINDOWS\System32\drivers\NFC_Driver.sys [48336 2015-04-10] (Titan ARC Corp.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2012-07-10] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2356184 2015-09-22] (Qualcomm Atheros, Inc.)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [37032 2016-01-11] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [28840 2016-01-11] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [36520 2016-01-11] (Corel Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 SvThLSNS; c:\Program Files (x86)\SAVITECH\SVLoadSense\x64\SvThLSNS.sys [15184 2015-09-21] (Windows ® Win 7 DDK provider)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
U3 idsvc; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 12:42 - 2017-05-28 12:42 - 00044314 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-05-28 12:40 - 2017-05-28 12:40 - 02429952 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-05-28 12:40 - 2017-05-28 12:40 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-05-28 12:34 - 2017-05-28 12:34 - 02429952 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64(1).exe
2017-05-28 12:16 - 2017-05-28 12:16 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-05-28 12:16 - 2017-05-28 12:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
2017-05-28 12:15 - 2017-05-28 12:15 - 00000000 ___HD C:\OneDriveTemp
2017-05-27 20:55 - 2017-05-27 20:55 - 00000780 _____ C:\ProgramData\SharedProperties.xml
2017-05-27 20:51 - 2017-05-27 20:54 - 00000000 ____D C:\AdwCleaner
2017-05-27 20:29 - 2017-05-27 20:29 - 00002854 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-05-27 20:25 - 2017-05-27 20:25 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe
2017-05-26 15:20 - 2017-05-27 21:08 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-26 15:20 - 2017-05-27 20:55 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-26 15:20 - 2017-05-27 20:55 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-26 15:20 - 2017-05-26 15:20 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-26 15:20 - 2017-05-26 15:20 - 00001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 15:20 - 2017-05-26 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-26 15:20 - 2017-05-26 15:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-26 15:20 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-26 15:18 - 2017-05-26 15:19 - 63035592 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-1878.1878-3.1.2.1733.exe
2017-05-26 14:10 - 2017-05-27 20:20 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-05-26 13:21 - 2017-05-27 20:55 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 13:21 - 2017-05-26 15:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-26 13:21 - 2017-05-26 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-26 13:21 - 2017-05-26 13:54 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2017-05-25 18:52 - 2017-05-26 13:16 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-25 17:59 - 2017-05-25 18:21 - 00085488 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-05-25 17:59 - 2017-05-25 18:21 - 00079582 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-05-25 17:58 - 2017-05-28 12:42 - 00000000 ____D C:\FRST
2017-05-25 15:16 - 2017-05-25 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 10
2017-05-25 14:52 - 2017-05-25 17:52 - 00001053 _____ C:\WINDOWS\SysWOW64\SPLSRV.del
2017-05-25 14:51 - 2017-05-25 14:51 - 00003202 _____ C:\WINDOWS\System32\Tasks\SS2svc64Run
2017-05-25 14:51 - 2017-05-25 14:51 - 00003194 _____ C:\WINDOWS\System32\Tasks\SS2svc32Run
2017-05-25 13:00 - 2017-05-26 13:14 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAL.EXE
2017-05-25 12:58 - 2017-05-25 18:31 - 00000000 ____D C:\@RestoreQuarantine
2017-05-25 12:46 - 2017-05-25 18:31 - 00025506 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2017-05-25 12:36 - 2017-05-25 18:27 - 00000000 ____D C:\ProgramData\RegRun
2017-05-25 12:35 - 2017-05-25 18:30 - 00000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-05-25 12:35 - 2017-05-25 12:35 - 00000000 ____D C:\Users\Administrator\Downloads\unhackme
2017-05-25 11:46 - 2017-05-25 11:51 - 18778928 _____ C:\Users\Administrator\Downloads\unhackme.zip
2017-05-24 17:49 - 2017-05-24 17:49 - 00542140 _____ C:\WINDOWS\Minidump\052417-8984-01.dmp
2017-05-24 15:20 - 2017-05-24 15:31 - 18357776 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\MediaCreationTool.exe
2017-05-24 15:19 - 2017-05-24 15:20 - 06385872 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows10Upgrade9252.exe
2017-05-24 14:59 - 2017-05-24 14:59 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-24 14:39 - 2017-05-24 14:39 - 00089088 _____ C:\Users\Administrator\Downloads\Georgia 2017 - ED LOWE  05-23-2017.pdf
2017-05-23 15:44 - 2017-05-23 15:49 - 00000000 ____D C:\Users\Administrator\Downloads\Acumen Application
2017-05-22 19:31 - 2017-05-22 19:34 - 11023528 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\HitmanPro.exe
2017-05-22 19:30 - 2017-05-22 19:30 - 04110280 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2017-05-22 19:19 - 2017-05-22 19:19 - 17091360 _____ (IObit) C:\Users\Administrator\Downloads\iobituninstaller-pro.exe
2017-05-22 19:11 - 2017-05-25 12:46 - 00000000 ____D C:\Program Files (x86)\Total Uninstaller
2017-05-22 19:11 - 2017-05-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstaller
2017-05-22 19:09 - 2017-05-22 19:11 - 02284872 _____ (Total Uninstaller, Inc. ) C:\Users\Administrator\Downloads\TotalUninstaller_Setup.exe
2017-05-22 17:21 - 2017-05-22 17:23 - 07986864 _____ ( ) C:\Users\Administrator\Downloads\AVG_Remover.exe
2017-05-21 10:54 - 2017-05-24 17:49 - 3725887019 _____ C:\WINDOWS\MEMORY.DMP
2017-05-21 10:54 - 2017-05-21 10:54 - 00553852 _____ C:\WINDOWS\Minidump\052117-7859-01.dmp
2017-05-19 17:13 - 2017-05-22 19:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-05-19 17:13 - 2017-05-19 17:13 - 00001076 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2017-05-19 17:13 - 2017-05-19 17:13 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2017-05-19 17:13 - 2017-05-19 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-05-19 17:12 - 2017-05-19 17:13 - 03086696 _____ C:\Users\Administrator\Downloads\instspeedfan452.exe
2017-05-19 16:04 - 2017-05-19 16:04 - 00545852 _____ C:\WINDOWS\Minidump\051917-7812-01.dmp
2017-05-19 12:43 - 2017-05-19 12:43 - 00545644 _____ C:\WINDOWS\Minidump\051917-7718-01.dmp
2017-05-18 14:35 - 2017-05-18 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-18 14:35 - 2017-05-01 16:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 14:35 - 2017-03-10 17:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 14:35 - 2017-03-10 17:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 14:33 - 2017-05-01 18:38 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35388864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 35281528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 28623480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 11024384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 10547440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09245744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 09014792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 08805232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 04092088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03792320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03607464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 03247736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01276128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 01054144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00991168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00960960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00911992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00821184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00776048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00651200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-18 14:33 - 2017-05-01 18:38 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-18 14:33 - 2017-05-01 18:38 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-18 14:29 - 2017-05-18 14:29 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-18 14:29 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 14:29 - 2017-05-03 16:21 - 01893496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 01477240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-18 14:29 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-13 16:00 - 2017-05-13 16:00 - 00540244 _____ C:\WINDOWS\Minidump\051317-7921-01.dmp
2017-05-13 15:58 - 2017-05-13 15:58 - 00545852 _____ C:\WINDOWS\Minidump\051317-7984-01.dmp
2017-05-12 19:48 - 2017-05-12 19:48 - 06053013 _____ C:\Users\Administrator\Downloads\2015-Transit-Owners-Manual-version-3_om_EN-US_10_2014.pdf
2017-05-11 11:41 - 2017-05-11 11:41 - 00611540 _____ C:\WINDOWS\Minidump\051117-11968-01.dmp
2017-05-10 16:46 - 2017-05-10 16:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\UNP
2017-05-10 16:22 - 2017-05-10 16:22 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-10 15:38 - 2017-05-10 15:38 - 14012816 _____ C:\Users\Administrator\Downloads\DIR-885L-R_REVA_MANUAL_1.00_EN_US.PDF
2017-05-10 13:00 - 2017-05-10 13:01 - 00000000 ____D C:\Program Files\UNP
2017-05-10 13:00 - 2017-05-10 13:00 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windstream
2017-05-09 20:53 - 2017-05-09 20:53 - 00000000 ____D C:\Program Files\Windstream Support Center
2017-05-09 20:52 - 2017-05-25 10:59 - 00000000 ____D C:\Program Files (x86)\Windstream Support Center
2017-05-09 18:14 - 2017-04-28 20:59 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-09 18:14 - 2017-04-28 20:59 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 17:16 - 2017-05-22 17:35 - 00001291 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-09 16:55 - 2017-05-26 13:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\oegdoby
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\c
2017-05-09 16:54 - 2017-05-09 16:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\cjksuosz
2017-05-09 10:59 - 2017-05-09 10:59 - 01548288 _____ C:\WINDOWS\baee17b245f0cc69f0cde0a5451eca68.exe
2017-05-09 10:59 - 2017-05-09 10:59 - 00051619 _____ C:\WINDOWS\uninstaller.dat
2017-05-04 18:41 - 2017-05-04 18:41 - 01892937 _____ C:\Users\Administrator\Documents\Ferris Operators Manual.pdf
2017-05-04 18:39 - 2017-05-04 18:40 - 02002024 _____ C:\Users\Administrator\Downloads\heCyEN8goF4rE7CWn59bp796Dq.PDF
2017-05-01 14:56 - 2017-05-01 14:56 - 02474920 _____ C:\Users\Administrator\Downloads\hppiw.exe
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2017-04-29 15:49 - 2017-04-29 15:49 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-04-29 14:29 - 2017-04-29 14:33 - 00002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-04-29 14:29 - 2017-04-29 14:29 - 00001255 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.7.2.lnk
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-04-29 14:29 - 2017-04-29 14:29 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-04-29 14:29 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-04-28 14:58 - 2017-05-25 10:54 - 00000000 ____D C:\WINDOWS\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 12:35 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-28 12:25 - 2016-12-23 17:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-28 12:16 - 2016-12-17 15:10 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-05-28 12:16 - 2016-06-01 04:57 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-05-28 12:15 - 2016-09-28 13:12 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-05-27 21:01 - 2016-09-27 19:06 - 04284808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-27 20:55 - 2016-09-27 19:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-27 20:55 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-27 20:55 - 2014-01-22 16:46 - 00000000 ____D C:\ProgramData\TEMP
2017-05-27 20:54 - 2016-09-27 19:06 - 00000000 ____D C:\Users\Administrator
2017-05-27 20:54 - 2016-06-08 03:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2017-05-27 20:54 - 2016-06-08 03:29 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\IObit
2017-05-27 20:54 - 2016-06-08 03:28 - 00000000 ____D C:\ProgramData\IObit
2017-05-27 20:54 - 2016-06-08 03:28 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-27 20:23 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-27 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-26 21:58 - 2016-09-27 19:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-26 15:27 - 2014-11-17 20:20 - 00000683 _____ C:\ProgramData\EventStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000545 _____ C:\ProgramData\CampaignStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000424 _____ C:\ProgramData\SoftwareVersionStore.xml
2017-05-26 15:27 - 2014-11-17 20:20 - 00000150 _____ C:\ProgramData\SubscriberStatusStore.json
2017-05-26 15:27 - 2014-11-17 16:31 - 00000619 _____ C:\ProgramData\SubscriptionStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000583 _____ C:\ProgramData\UpgradeStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000412 _____ C:\ProgramData\ConfigurationStore.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000408 _____ C:\ProgramData\FulfillmentStateMachineStores.xml
2017-05-26 15:27 - 2014-11-17 16:31 - 00000066 _____ C:\ProgramData\AaaAuthorizationStore.json
2017-05-26 15:26 - 2015-08-25 11:14 - 00000000 __SHD C:\ProgramData\Windows 7
2017-05-26 14:07 - 2016-12-17 15:28 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-26 14:07 - 2016-12-17 15:28 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-26 13:53 - 2016-06-25 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\1acb574
2017-05-26 13:53 - 2015-12-06 17:36 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition
2017-05-26 13:53 - 2015-08-25 11:14 - 00000000 __SHD C:\ProgramData\Google
2017-05-25 18:59 - 2016-06-01 04:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-05-25 15:16 - 2016-10-10 16:08 - 00000000 ____D C:\Program Files\LSoft Technologies
2017-05-25 12:49 - 2016-09-27 19:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-05-25 12:48 - 2016-12-10 17:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-05-25 12:45 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2017-05-25 12:44 - 2011-03-27 17:20 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-05-24 17:49 - 2016-12-12 20:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-24 16:18 - 2014-07-03 17:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-05-24 14:59 - 2016-09-27 23:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-24 13:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-23 16:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-23 15:25 - 2009-07-13 22:34 - 00000782 _____ C:\WINDOWS\win.ini
2017-05-22 17:33 - 2013-12-28 15:34 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 17:33 - 2013-12-28 15:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 17:23 - 2015-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\GeoComply
2017-05-22 16:43 - 2016-12-21 17:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-22 16:43 - 2013-12-23 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 15:05 - 2016-12-23 17:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-05-21 19:38 - 2016-06-26 06:52 - 00000000 ____D C:\Users\Administrator\Documents\The Witcher 3
2017-05-19 16:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-18 14:41 - 2013-12-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-05-18 14:41 - 2013-12-23 17:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-05-18 14:41 - 2011-03-27 16:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-18 14:35 - 2016-12-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-18 14:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-18 14:35 - 2016-06-01 04:45 - 00000000 ____D C:\Temp
2017-05-18 14:29 - 2016-12-24 17:00 - 00001527 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-18 14:29 - 2016-12-23 17:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-15 15:28 - 2014-01-02 17:24 - 00013154 _____ C:\Users\Administrator\Documents\Copy of Check list-1.xlsx
2017-05-13 17:13 - 2015-12-21 18:38 - 00016765 _____ C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2017-05-11 16:56 - 2016-08-01 19:12 - 00000000 ____D C:\Program Files (x86)\SetupODM
2017-05-11 16:56 - 2016-08-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-10 19:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-10 16:22 - 2017-04-21 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-10 15:10 - 2016-09-28 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-05-09 20:52 - 2014-07-01 17:04 - 00000000 ____D C:\Program Files (x86)\Windstream
2017-05-09 17:02 - 2015-07-16 16:11 - 00000000 ____D C:\Users\Administrator\Documents\RC Car Stuff
2017-05-08 18:01 - 2013-12-28 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\tixati
2017-05-04 17:28 - 2015-05-27 15:43 - 02723221 _____ C:\Users\Administrator\Documents\Ferris Parts Manual.pdf
2017-05-03 16:21 - 2016-12-24 17:00 - 01755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 01317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-05-03 16:21 - 2016-12-24 17:00 - 00121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-05-03 15:28 - 2016-12-24 17:00 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-01 16:52 - 2016-12-23 17:27 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 16:51 - 2016-12-23 17:27 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-01 16:51 - 2016-12-23 17:27 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-01 16:13 - 2016-12-08 18:03 - 00000000 __SHD C:\Users\Administrator\80BhjWWuhFVb7qpi
2017-05-01 16:13 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-01 14:59 - 2013-12-31 17:11 - 00000000 ____D C:\Users\Administrator\Documents\My Scans
2017-04-29 19:44 - 2016-12-17 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 19:44 - 2016-09-27 19:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003692 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA
2017-04-29 17:57 - 2016-09-27 19:11 - 00003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core
2017-04-29 15:50 - 2016-06-01 04:44 - 00000995 _____ C:\WINDOWS\Ascd_ProcessLog.ini
2017-04-29 15:48 - 2013-12-23 01:55 - 00055481 _____ C:\WINDOWS\Ascd_tmp.ini
2017-04-29 15:29 - 2016-01-12 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-29 15:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-29 14:29 - 2016-09-27 19:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 14:29 - 2016-06-01 04:45 - 00000000 ____D C:\Program Files\Intel
2017-04-29 14:29 - 2013-12-27 14:05 - 00000000 ____D C:\ProgramData\Intel

==================== Files in the root of some directories =======

2014-05-29 13:32 - 2014-05-29 14:25 - 0000097 _____ () C:\Users\Administrator\AppData\Roaming\LauncherSettings_live.cfg
2015-12-21 18:38 - 2017-05-13 17:13 - 0016765 _____ () C:\Users\Administrator\AppData\Roaming\quadstick_settings.repr
2014-02-20 18:18 - 2015-07-04 13:18 - 0000215 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2017-03-18 20:26 - 2017-03-18 20:26 - 0006419 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2016-12-21 19:47 - 2016-12-21 20:24 - 82116608 _____ () C:\Users\Administrator\AppData\Local\rx_image32.Cache
2014-11-17 16:31 - 2017-05-26 15:27 - 0000066 _____ () C:\ProgramData\AaaAuthorizationStore.json
2014-11-17 20:20 - 2017-05-26 15:27 - 0000545 _____ () C:\ProgramData\CampaignStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000412 _____ () C:\ProgramData\ConfigurationStore.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000683 _____ () C:\ProgramData\EventStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000408 _____ () C:\ProgramData\FulfillmentStateMachineStores.xml
2017-01-04 17:24 - 2017-03-18 20:41 - 0012890 _____ () C:\ProgramData\hpzinstall.log
2017-01-04 17:28 - 2017-01-09 16:06 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 14:55 - 2017-01-04 17:27 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2015-09-22 06:40 - 2015-09-22 06:40 - 0002457 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2017-05-27 20:55 - 2017-05-27 20:55 - 0000780 _____ () C:\ProgramData\SharedProperties.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000424 _____ () C:\ProgramData\SoftwareVersionStore.xml
2014-11-17 20:20 - 2017-05-26 15:27 - 0000150 _____ () C:\ProgramData\SubscriberStatusStore.json
2014-11-17 16:31 - 2017-05-26 15:27 - 0000619 _____ () C:\ProgramData\SubscriptionStore.xml
2014-11-17 16:31 - 2017-05-26 15:27 - 0000583 _____ () C:\ProgramData\UpgradeStore.xml

Some files in TEMP:
====================
2017-03-20 16:01 - 2017-03-20 16:01 - 0011264 _____ ( ) C:\Users\Administrator\AppData\Local\Temp\3wjlapnv.dll
2017-05-09 20:51 - 2013-10-22 12:57 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC210.tmp.exe
2017-05-09 20:51 - 2013-10-22 16:15 - 0744960 _____ (Alcatel-Lucent) C:\Users\Administrator\AppData\Local\Temp\IHUC57B.tmp.exe
2017-01-24 17:18 - 2017-01-20 10:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
2017-04-10 16:32 - 2017-03-31 21:36 - 0868152 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-14 19:15 - 2017-03-31 21:36 - 0369208 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-05-22 19:00 - 2017-05-22 19:00 - 0192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 13:56 - 2015-02-10 13:56 - 0105984 _____ () C:\Users\Administrator\AppData\Local\Temp\sfextra.dll
2017-03-18 19:33 - 2017-01-18 09:16 - 0133808 _____ (mIRC Co. Ltd.) C:\Users\Administrator\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-18 12:34

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by Administrator (28-05-2017 12:42:34)
Running from C:\Users\Administrator\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-28 17:10:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1629833701-3699544217-3734216812-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1629833701-3699544217-3734216812-503 - Limited - Disabled)
Guest (S-1-5-21-1629833701-3699544217-3734216812-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (Version: 7.1 - Intel) Hidden
. . . (x32 Version: 2.7.2.4 - Intel) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.15 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0915-000001000000}) (Version: 9.15.00.0 - Igor Pavlov)
Active@ KillDisk 10 (HKLM\...\{6A633DB7-06E4-4EF1-8FD1-7F8812C590AD}_is1) (Version: 10 - LSoft Technologies Inc)
Active@ KillDisk Professional 10 (HKLM\...\{C932B116-1A14-400B-B0E3-81A86905FF25}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.28 - ASUSTeK Computer Inc.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Amazon Music (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Amazon Amazon Music) (Version: 5.3.2.1634 - Amazon Services LLC)
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 10.1.14393.33 - Microsoft) Hidden
Ares (HKLM-x32\...\Ares) (Version: 2.4.2-Build#3066 - AresGalaxy)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS HomeCloud Launcher (HKLM-x32\...\4ff11ffb-5880-4338-90e0-1502e835b184) (Version: 1.01.04 - ASUSTeK Computer Inc.)
ASUS Lighting Control (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.01.02 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.30 - ASUSTeK Computer Inc.)
Asus Sonic Suite Plugins (HKLM-x32\...\{c5017606-8bde-4f85-94f4-ba61dcf59860}) (Version: 2.2.2801 - ASUSTeKcomputer.Inc)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BbeXtreme (x32 Version: 12.5.0 - Bluebeam Software) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software)
Bluebeam Revu x64 12 (Version: 12.5.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C510 (x32 Version: 140.0.344.000 - Hewlett-Packard) Hidden
CheckDevicesConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Contents (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
CPUID ROG CPU-Z 1.73 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.73 - CPUID, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0486 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
Dragger32 (HKLM-x32\...\Dragger32) (Version:  - )
Dropbox (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EasyBCD 2.0 (HKLM-x32\...\EasyBCD) (Version: 2.0 - NeoSmart Technologies)
Fallout 4 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0080}) (Version: 6.0 - Black Box)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.4.2.0 - GIANTS Software)
FileZilla Client 3.3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.5.1 - )
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{4A0F12EE-FA84-11E6-8204-000C29FC3B44}) (Version: 8.2.1.6871 - Foxit Software Inc.)
GeoComply Autoupdate (x32 Version: 1.0.0.0 - GeoComply) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.6.14.19 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HyStream (HKLM-x32\...\{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
ICA (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Infinite HD™ App (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
IPM_VS_Pro (x32 Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LauncherSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.10.3 - Marvell)
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 3.00.15 - ASUSTeK Computer Inc.)
MediaWidget 7.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.22 - ASUSTeK Computer Inc.)
Microangelo On Display (x64) (HKLM\...\{344A17D9-DE25-4E77-B089-E7F0A0AF2AE7}) (Version: 6.10.70 - Impact Software)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 53.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x64 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSI Development Tools (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NahimicSettingsConfigurator (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 10 (HKLM\...\{C78478E6-8206-470E-B843-0204995371C6}) (Version: 10.5.1.17 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.101.26.0 - Overwolf Ltd.)
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Player Location Check (HKLM-x32\...\{1E9707E3-86E8-4D1F-A7FB-7D0EEBA1863D}) (Version: 3.0.2.10 - GeoComply)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.0.2.10,3.0.4.3 - GeoComply)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
ProductDaemonSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Python 2.7 pywin32-219 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
QuadStick (HKLM-x32\...\QuadStick) (Version: 2.01 - QuadStick)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.0097 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 4.0.0.601 - Qualcomm Atheros Communications)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.32 - ASUSTeK Computer Inc.)
ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ROGRAMCACHE (HKLM-x32\...\ROGRAMCACHE) (Version: 3.01.06 - ASUSTeKcomputer Inc)
Roxio Creator NXT 4 (HKLM-x32\...\{7E0B6CC0-B46F-4145-B0BF-026659C6B095}) (Version: 17.0.70.2 - Roxio)
Roxio MyDVD (HKLM-x32\...\{A27A9721-C0D9-483C-87D3-78988A72EDB1}) (Version: 1.0 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SDK Debuggers (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Share (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SmartNAV (HKLM-x32\...\{00126F77-7EFC-472D-AD35-C6BD971582AA}) (Version:  - )
SmartNav (HKLM-x32\...\{519e374d-b0ee-4c2c-a630-4e940c11e55b}) (Version: 3.20.037 - NaturalPoint)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Sniper Elite 3 (HKLM-x32\...\Sniper Elite 3_is1) (Version:  - )
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SonicRadarSetup (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (Version: 2.2.2801 - ASUSTeKcomputer.Inc) Hidden
Sound Blaster X-Fi MB (HKLM-x32\...\{818690C7-8DA5-4623-BBA8-A73CFBD44077}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spintires (HKLM-x32\...\Spintires_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SVLoadSense (HKLM-x32\...\{C4226734-F925-448C-8F15-0D5419F003DF}) (Version: 1.0.12 - SAVITECH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\{EAABE756-8A47-440F-AAC7-2F6BFF589169}) (Version: 6.0 - Black Box)
The Witcher 3 Wild Hunt version 1.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: 1.0.0 - Bandai Namco)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Total Uninstaller version 3.1.9.60 (HKLM-x32\...\{A32F00F2-F342-4B23-A74B-D83B881D980B}_is1) (Version: 3.1.9.60 - Total Uninstaller, Inc.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.18 - )
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSClassic (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.12.577 - ASUS Cloud Corporation)
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
Windstream Broadband Check-up Center (HKLM-x32\...\Windstream_BCUC) (Version:  - )
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Support Center (HKLM-x32\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Wondershare Video Converter Ultimate 8.8.0.3 (HKLM-x32\...\Wondershare Video Converter Ultimate 8.8.0.3) (Version: 8.8.0.3 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)
WPT Redistributables (x32 Version: 10.1.14393.33 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.14393.33 - Microsoft) Hidden
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
XTUPackageWin7 (HKLM-x32\...\{9B03AE9C-B3E5-46CB-837E-454BDB5D4F3E}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 4\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0B18FAE7-35CE-4D82-92AD-12EF54116E93} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()
Task: {0E582723-83A6-456C-B9D5-0E871CE9F840} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {10F242E1-5603-406A-A36F-50EF9A76D1EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {12516ECF-053A-495B-BDA9-41E524D7FACF} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2016-11-02] ()
Task: {1D72E4BE-EFB5-45F0-B3AA-F9AF25C13C40} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {2356FE9B-F6F7-41FA-A46A-01C81111F404} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2BD9ABF9-2E9D-4599-B9BE-E301F45E63E4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2016-11-08] (ASUSTeK Computer Inc.)
Task: {2C7A54A8-42CF-4540-8B89-85C2C21D99C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F620946-0EAE-47C5-8571-3909D30F5042} - \ASUS\GpuFanHelper -> No File <==== ATTENTION
Task: {30250277-94E2-49CD-97F2-F48D6E6B0E6C} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2015-06-25] ()
Task: {3776ABEB-9B54-41F9-9584-0990C5474ECA} - System32\Tasks\ASUS\RamDisk => C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe [2014-02-17] ()
Task: {3D1D530B-6BE6-4A78-A348-979253AC690C} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {451B2062-11A5-4196-8660-4B63277E13A1} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {45996489-5FF6-4D87-8DAD-4809C2E71D09} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4AE49800-4BA1-46B5-B80E-0B7F5792BB71} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D13C40D-DC55-418D-B9B6-72B4AE14AAB1} - System32\Tasks\GC Remove old autoupdate => cmd.exe /c rd /S /Q "C:\Program Files (x86)\GeoComply\Update"
Task: {4F80FA1A-B93E-489C-A5D9-6664950D5163} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {50A33E96-4799-475C-88E1-6A17FCABAE3F} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {5612F2F1-CDB5-44FC-9488-696B18FC0B8A} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {57B58F2B-C6CE-4B23-9763-350094F549B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {585378D9-D019-4446-8696-C5EC8E02043B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {5B16CE5E-D45E-48E6-AAED-A4A7CA3BE15B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5FBC0159-2CA8-4816-9D84-DAB5793097F3} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {60A2F600-603B-461A-A151-AFCADE6AAA69} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {67F08CAF-1320-490E-A390-728429522544} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {705EBF73-122F-43D7-A16C-7127906D3C58} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2016-08-12] ()
Task: {77D48ABE-634D-4A24-B86D-1C5DDBE380E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {796C63D9-9943-44EB-A736-60470293CCD8} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {79994E8B-BABD-4493-895F-5DECFC0FE030} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2016-08-12] ()
Task: {7AAD5C96-215A-44BF-902D-19FCB1B22868} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {7F122C0F-2586-40D2-BB8B-01FF508DF2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {8471D845-8565-4169-81D5-41E3CD53B23B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {8A10F916-9AD9-46E0-986B-4BD53DA10B9E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {8C4E4DC2-6C30-42D1-908B-58A491851E07} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {8CFCE851-24D7-491A-B349-B696263B628C} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {90431E1A-F669-4925-B0AB-4158ABEF775A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {90CCAC22-C8F0-4E2E-9C15-0C949BB8405C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {966E22DD-C6B2-4BDF-A4F5-4B9E4774D3FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {9C58625D-9CFE-485E-AA49-C82E54229614} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {9DAB181A-19A0-4046-87FC-31E043196C5C} - System32\Tasks\ASUS\HyStream service => C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe [2015-06-12] (ASUSTeK Computer Inc.)
Task: {A1737B59-4FED-4E5A-AE75-3FF54A245E45} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2016-08-12] ()
Task: {A19514E9-5403-4FF3-8864-FD171553234E} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {A711E1BF-224D-4E46-879A-222B0E54EFE0} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {A9D072BE-92F5-4C50-974F-DBA831F88A71} - System32\Tasks\Amazon Music Helper => C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe [2016-12-14] ()
Task: {AC4D4FE3-DC02-4806-ADBD-32E3F3600347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {AD8247BE-1C65-4373-A009-0552C27AE504} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2015-05-12] ()
Task: {AE00BB64-DE6D-4127-8857-FD35897A44B2} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {B0544000-535D-4842-865D-7046AE2F3026} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B15E28D1-9A55-4C50-A320-0226DA784EF8} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {B4A400B7-EF99-4331-9CDE-A13B35502E56} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B623A972-9F59-48BD-93EF-A2E587D48582} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {B76EC1BA-4373-42B3-9D61-5B06470FE076} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {BA054CFC-8721-4507-9FD3-54A2CC0F9DA4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-12-25] (Overwolf LTD)
Task: {BA5F0AF4-BA35-4C13-BF60-BD7B5A186F54} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {BB1301BE-514D-40D8-93A3-A80A962AC7AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BE8617E1-7E9B-43A7-A009-7CAAA069BD1B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {C2DE7849-4F1F-4571-B3C3-F3F0CE6F2A8D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C3A887E9-4B6E-42B2-9446-B8AE43476FB8} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {CA169E1A-4272-4859-858B-FF2705ED4464} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {CF8B4CC3-6963-4542-B483-E55688087E2F} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {D264D02C-3982-499F-AFD6-C86D234342F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D2851A53-3044-4564-8D1E-C0C57E76461E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D457091E-29B0-417E-8DA0-B05048AFBC25} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {D4C23683-A5A1-4463-BF5F-1AF31BAECD65} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {D5990566-AA92-4A88-9535-97AC26BAD25C} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {D5DCAA1E-2742-4216-B791-887132250771} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1629833701-3699544217-3734216812-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7FF46F2-68F4-4599-90A8-CA7B7F88EC33} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {D860070B-9F40-4839-BBED-C0B2679B079C} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {DC367917-8A9E-424E-9195-2A4BC7D4CC35} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {E5E7FDB7-BAD9-4B02-8265-4072F9627933} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E6122E9F-63D7-4247-9977-84CCCC3AF70D} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {F0524044-F42B-405F-9EC1-631038BE74F0} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-03-25] (ASUSTeK Computer Inc.)
Task: {F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {F6746179-907D-470F-96DD-0748E3263F66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {F9CF821A-B864-4EF6-BD19-E2CAFE713809} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} - \WPD\SqmUpload_S-1-5-21-1629833701-3699544217-3734216812-500 -> No File <==== ATTENTION
Task: {FEF96465-9752-437B-BF18-A4D4044D55D8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {FF0907A6-4E10-4645-A083-F3C0B689FCA6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrator\AppData\Local\1acb574\eb8c672.lnk -> C:\Users\Administrator\AppData\Local\1acb574\2fdf534.bat (No File)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-06-10 11:20 - 2015-06-10 11:20 - 00495816 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00023240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 00418968 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-05-06 04:23 - 2015-05-06 04:23 - 02543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2016-12-24 17:00 - 2017-05-03 16:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2015-06-05 07:00 - 2015-06-05 07:00 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-05-26 15:20 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-09-10 02:06 - 2015-09-10 02:06 - 00810696 _____ () C:\Program Files (x86)\Roxio Creator NXT 4\Roxio Burn\RoxioBurnLauncher.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 17:30 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-23 17:27 - 2017-05-01 16:51 - 00133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-05 13:45 - 2016-11-02 15:04 - 01290200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-08-12 13:17 - 2016-08-12 13:17 - 00287760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll
2016-08-12 13:17 - 2016-08-12 13:17 - 00209936 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll
2016-12-08 18:02 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2016-12-19 18:18 - 2016-12-14 17:41 - 03494376 _____ () C:\Users\Administrator\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-12-13 18:47 - 2015-05-12 22:49 - 00304952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2016-12-13 18:48 - 2015-06-25 11:42 - 01986872 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2016-12-19 19:24 - 2015-08-31 15:25 - 01460176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2009-03-30 10:32 - 2009-03-30 10:32 - 00032768 ____R () C:\Windows\DAODx.exe
2016-09-27 23:02 - 2016-09-27 23:02 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 16:31 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 16:31 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 16:31 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 17:30 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 17:30 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 17:30 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-25 15:05 - 2017-05-25 15:07 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-25 15:05 - 2017-05-25 15:07 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-26 13:54 - 2015-05-14 10:18 - 01075712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-12-26 13:54 - 2014-08-28 11:37 - 00033424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-09-23 06:02 - 2015-09-23 06:02 - 00089680 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2015-09-23 06:01 - 2015-09-23 06:01 - 00384080 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2016-12-10 17:37 - 2016-08-11 21:29 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2016-12-13 18:47 - 2015-07-07 18:07 - 01194808 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
2016-12-13 18:47 - 2015-07-07 18:07 - 02569528 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
2016-12-13 18:47 - 2015-06-03 20:46 - 00086840 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 00557072 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
2016-08-12 13:15 - 2016-08-12 13:15 - 02741760 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe
2016-08-12 13:18 - 2016-08-12 13:18 - 00486400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe
2015-09-10 01:04 - 2015-09-10 01:04 - 03325640 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00525000 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2015-09-10 01:04 - 2015-09-10 01:04 - 00109256 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2016-06-08 03:29 - 2015-12-23 18:31 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-05-27 20:55 - 2017-05-27 20:55 - 00042792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-06-01 04:46 - 2015-06-05 07:00 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-01-27 18:11 - 2017-05-03 16:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00268248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00786416 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00886232 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00828376 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2017-02-05 13:45 - 2016-10-11 23:55 - 00848344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2017-02-05 13:45 - 2016-11-02 15:06 - 04784088 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2017-02-05 13:45 - 2016-08-24 23:32 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-12-19 19:24 - 2015-05-21 23:57 - 01141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-12-26 13:54 - 2015-11-05 12:13 - 01464320 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 00061440 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Exeio.dll
2017-02-05 13:45 - 2016-10-11 10:55 - 01752576 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.32\Vender.dll
2017-02-05 13:41 - 2016-08-05 03:25 - 00669656 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMLib.dll
2016-12-26 13:54 - 2012-01-19 10:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2017-02-05 13:45 - 2015-09-17 11:58 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2016-06-01 04:54 - 2015-08-20 10:44 - 00064000 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2016-12-13 18:48 - 2015-06-05 10:37 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2016-12-19 19:24 - 2015-08-31 15:21 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-12-19 19:24 - 2015-08-14 12:23 - 00621056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2016-12-19 19:24 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2013-12-23 17:06 - 2010-02-08 03:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2013-12-23 17:06 - 2008-12-10 06:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2016-12-26 13:54 - 2013-11-20 11:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-12-26 13:54 - 2013-07-02 11:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2016-12-24 17:00 - 2017-05-03 16:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-12-30 18:30 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2016-12-13 18:47 - 2015-05-12 22:49 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\pngio.dll
2016-08-12 13:15 - 2016-08-12 13:15 - 00098816 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00178704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2DevProps.dll
2016-08-12 13:14 - 2016-08-12 13:14 - 00256016 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
2016-11-28 07:48 - 2016-11-28 07:47 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Documents\TURN Q PLUS.pdf:Roxio EMC Stream [38]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-12-07 16:35 - 00001120 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       idb.iobit.com
127.0.0.1       asc55.iobit.com
127.0.0.1       is360.iobit.com
127.0.0.1       asc.iobit.com
127.0.0.1       pf.iobit.com
127.0.0.1       98.129.229.186
127.0.0.1       www.iana.org
127.0.0.1       iana.org#    ::1             localhost
127.0.0.1 54.83.135.167
127.0.0.1 54.83.135.167

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Control Panel\Desktop\\Wallpaper -> c:\users\administrator\pictures\dale-earnhardt-jr-elliott-21916-getty-ftrjpg_1bgtyq4z67iuf1xydrt0jhtl19.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Aero_PowerShell => "C:\WINDOWS\PSGlass.exe"
MSCONFIG\startupreg: Full glass => "C:\WINDOWS\Full glass.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_0BB272A9872478589BC035827915AEFF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Advanced SystemCare 9"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38D3FF0C-B452-4CF1-95A3-00CFC09F879F}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{B8C67B83-EFE9-47CC-AD2E-9115B77F3C6C}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{5CB56A16-AFFD-44F2-87C6-43435B74F613}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [{6AEAE0EF-DDD3-47F2-ACE4-6AB59C0758A9}] => (Allow) C:\WINDOWS\SysWOW64\ftp.exe
FirewallRules: [TCP Query User{EA14CCF8-C501-4475-9144-EB87D49C93C3}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{19DC2B5F-B1A3-4691-A6A9-CE61046958D7}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{630A1828-2F97-4C5D-831D-23FA9994FFF3}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{5973780D-64AA-4B23-B2DC-671A75CF3615}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{D499C1A2-0CA1-447D-9302-76591856F8F6}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A2EEEE3A-BD0C-4BED-BA7F-F3411B5549EE}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{6D017E33-C1C0-46A3-ADB0-3DF57048B919}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{5129867F-B87F-4266-909B-07E638804735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{149557DA-4B8B-47E0-AA03-131449DFA35F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{208C5723-2F44-4560-B650-8914E7E64A13}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [UDP Query User{07B7BE6D-F649-4128-8304-7A384ABA7826}H:\doom\doomx64.exe] => (Allow) H:\doom\doomx64.exe
FirewallRules: [TCP Query User{6918DFA8-87E8-4027-8405-2F9CF4A7D05E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00559E98-3916-48DC-A8A6-AD75FFA915A3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A79E40DE-6380-4AFB-AA54-23574273E171}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{5F020567-98F3-444F-B367-FD95695F4C8E}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS034D\hppiw.exe
FirewallRules: [{CD3D67BF-83F8-4F57-820B-FBBF533AE3B5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{2B8FE0B7-2AC3-4966-97EB-4078B1292A7B}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS06AB\hppiw.exe
FirewallRules: [{DDD44D35-E1A6-4F49-90D4-A515FFBB1E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E2D27074-5084-4462-8943-43062837672F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F96F4464-FF4A-421F-88E4-783BC81C0752}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{348FA78A-AC70-4E7A-9E36-0BA44E9504CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB4AD3C1-8B02-4CF2-8FEA-247ACFD50461}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2C9D40C9-AB17-4C38-8AE2-975EB2643729}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{A545C370-DA94-4316-B6FC-2CA54BFB1CE7}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{39C84AFE-71D9-4028-BA7C-00E824A8CB9A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{A884A74E-31EA-4472-A82F-AC8E9F94C4E8}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [TCP Query User{B69489D3-E2A0-4C72-84ED-B47010BAE8DF}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [UDP Query User{4548E515-728A-4C49-B006-71095CFD449C}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dmr\aodmr.exe
FirewallRules: [TCP Query User{2E0248B7-3CCD-4898-B4AB-7F185D2CA03C}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{508EF44A-DCEF-42AE-AB66-DFFF85234D26}C:\users\administrator\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\administrator\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{A42688B2-3745-4A46-A7FE-F78B5213B819}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [UDP Query User{A381CD22-AC68-4FDE-AD84-3790D0C067E0}C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe] => (Allow) C:\program files (x86)\asus\homecloud\media streamer\asus media streamer\dlna\dms\aodms.exe
FirewallRules: [{8BDF1218-1500-4E66-94DB-CB9AF7F756AE}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{3DC10B0D-4F10-465B-A1A2-0C40C1E3AEEF}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{CAD801B7-A6E7-4949-AFAF-10DE7BFB4681}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{7C8F27A0-A501-4BE3-856B-C72531B5A0A8}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{9F6C3B98-EA12-4B6B-8E03-4D1B2297D6F9}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{8DB90FDF-2621-45FA-B10D-60D583CAAED6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C91E2884-6076-4DE0-9BB7-4780FAE41D5C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{DFBD0313-4D3C-4121-B4FF-AC723D9BDBCA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe

==================== Restore Points =========================

25-05-2017 12:41:45 UnHackMe Malware Removal
25-05-2017 12:44:44 Removed Itibiti RTC
25-05-2017 12:45:14 Removed Browser Configuration Utility.
27-05-2017 20:27:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Photosmart eStn C510 series
Description: Photosmart eStn C510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Ethernet Connection (2) I219-V
Description: Intel® Ethernet Connection (2) I219-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1iexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2017 12:20:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:20:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2017 12:19:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/28/2017 12:15:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (05/28/2017 12:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second


System errors:
=============
Error: (05/28/2017 12:35:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: 2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4019472).

Error: (05/28/2017 12:15:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 12:15:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 12:15:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/27/2017 08:55:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/27/2017 08:55:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uxpatch service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/27/2017 08:55:44 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: uxpatch.sys


CodeIntegrity:
===================================
  Date: 2017-05-26 16:49:31.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 16:10:08.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 12:00:58.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-25 12:00:58.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-05-25 12:00:58.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-05-24 13:52:11.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-23 14:44:57.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-22 17:45:36.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-19 16:10:56.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-19 16:10:56.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16322.69 MB
Available physical RAM: 11983.69 MB
Total Virtual: 32706.69 MB
Available Virtual: 28021.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:134.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MB Support CD) (CDROM) (Total:5.92 GB) (Free:0 GB) CDFS
Drive e: (Storage Drive) (Fixed) (Total:931.51 GB) (Free:89.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Intel SSD) (Fixed) (Total:223.57 GB) (Free:23.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98BBCFEF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 57FC04A8)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00163EA5)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 3 (Size: 2 MB) (Disk ID: 6F20736B)
No partition Table on disk 3.
Disk 3 is a removable device.

==================== End of Addition.txt ============================



#12 scottl523


Posted 28 May 2017 - 11:57 AM

Thank you for your help




#13 Aura

  • Malware Response Team

Posted 29 May 2017 - 08:07 AM

Alright, there's not much left to remove.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
After running the fix above, "AVG" should be listed in your list of installed programs. Uninstall it. If you can't, let me know what error you're getting.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 scottl523


Posted 29 May 2017 - 04:12 PM

AVG wasn't in my list of installed programs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by Administrator (29-05-2017 16:47:36) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION

Toolbar: HKU\S-1-5-21-1629833701-3699544217-3734216812-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

AVG (Version: 1.181.4 - AVG Technologies) Hidden

CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C7A54A8-42CF-4540-8B89-85C2C21D99C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F620946-0EAE-47C5-8571-3909D30F5042} - \ASUS\GpuFanHelper -> No File <==== ATTENTION
Task: {3D1D530B-6BE6-4A78-A348-979253AC690C} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {451B2062-11A5-4196-8660-4B63277E13A1} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {45996489-5FF6-4D87-8DAD-4809C2E71D09} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4AE49800-4BA1-46B5-B80E-0B7F5792BB71} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4F80FA1A-B93E-489C-A5D9-6664950D5163} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {50A33E96-4799-475C-88E1-6A17FCABAE3F} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {5612F2F1-CDB5-44FC-9488-696B18FC0B8A} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {57B58F2B-C6CE-4B23-9763-350094F549B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5FBC0159-2CA8-4816-9D84-DAB5793097F3} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {60A2F600-603B-461A-A151-AFCADE6AAA69} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {67F08CAF-1320-490E-A390-728429522544} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {796C63D9-9943-44EB-A736-60470293CCD8} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {8CFCE851-24D7-491A-B349-B696263B628C} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {9C58625D-9CFE-485E-AA49-C82E54229614} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {A19514E9-5403-4FF3-8864-FD171553234E} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {A711E1BF-224D-4E46-879A-222B0E54EFE0} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {AE00BB64-DE6D-4127-8857-FD35897A44B2} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {B0544000-535D-4842-865D-7046AE2F3026} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B15E28D1-9A55-4C50-A320-0226DA784EF8} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C3A887E9-4B6E-42B2-9446-B8AE43476FB8} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {CF8B4CC3-6963-4542-B483-E55688087E2F} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {D2851A53-3044-4564-8D1E-C0C57E76461E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D457091E-29B0-417E-8DA0-B05048AFBC25} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {D4C23683-A5A1-4463-BF5F-1AF31BAECD65} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {D5990566-AA92-4A88-9535-97AC26BAD25C} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {D860070B-9F40-4839-BBED-C0B2679B079C} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {DC367917-8A9E-424E-9195-2A4BC7D4CC35} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {E5E7FDB7-BAD9-4B02-8265-4072F9627933} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {F9CF821A-B864-4EF6-BD19-E2CAFE713809} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} - \WPD\SqmUpload_S-1-5-21-1629833701-3699544217-3734216812-500 -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\Administrator\Documents\TURN Q PLUS.pdf:Roxio EMC Stream [38]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

MSCONFIG\startupreg: GoogleChromeAutoLaunch_0BB272A9872478589BC035827915AEFF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\...\StartupApproved\Run: => "Advanced SystemCare 9"

C:\Program Files\OutfoxTV
C:\Program Files (x86)\IObit
C:\Program Files (x86)\Yahoo!
C:\ProgramData\IObit
C:\ProgramData\Google
C:\ProgramData\Windows 7
C:\Users\Administrator\80BhjWWuhFVb7qpi
C:\Users\Administrator\AppData\Local\1acb574
C:\Users\Administrator\AppData\Local\cjksuosz
C:\Users\Administrator\AppData\Local\oegdoby
C:\Users\Administrator\AppData\LocalLow\IObit
C:\Users\Administrator\AppData\Roaming\c
C:\Users\Administrator\AppData\Roaming\IObit
C:\WINDOWS\baee17b245f0cc69f0cde0a5451eca68.exe

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => key removed successfully
HKLM\System\CurrentControlSet\Services\LiveUpdateSvc => key removed successfully
LiveUpdateSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\FileMonitor => key removed successfully
FileMonitor => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => key removed successfully
Partizan => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088482FA-65B8-4E17-9ABF-1DCD48E8D373} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088482FA-65B8-4E17-9ABF-1DCD48E8D373} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09F06BFE-A3C8-40E3-846A-6E6F4000C238} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F06BFE-A3C8-40E3-846A-6E6F4000C238} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FF1CAE-134E-4EDF-8A28-2D7C13ED547D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ACE87E7-A3A8-4C16-A9D7-6B5AE6DB6E16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C7A54A8-42CF-4540-8B89-85C2C21D99C1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7A54A8-42CF-4540-8B89-85C2C21D99C1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F620946-0EAE-47C5-8571-3909D30F5042} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F620946-0EAE-47C5-8571-3909D30F5042} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\GpuFanHelper => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D1D530B-6BE6-4A78-A348-979253AC690C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D1D530B-6BE6-4A78-A348-979253AC690C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{451B2062-11A5-4196-8660-4B63277E13A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{451B2062-11A5-4196-8660-4B63277E13A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel\Intel Telemetry 2 (x86) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45996489-5FF6-4D87-8DAD-4809C2E71D09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45996489-5FF6-4D87-8DAD-4809C2E71D09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AE49800-4BA1-46B5-B80E-0B7F5792BB71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AE49800-4BA1-46B5-B80E-0B7F5792BB71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BFE716E-5268-4685-BF1B-D2AF4C1ED87F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F80FA1A-B93E-489C-A5D9-6664950D5163} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F80FA1A-B93E-489C-A5D9-6664950D5163} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50A33E96-4799-475C-88E1-6A17FCABAE3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50A33E96-4799-475C-88E1-6A17FCABAE3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5612F2F1-CDB5-44FC-9488-696B18FC0B8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5612F2F1-CDB5-44FC-9488-696B18FC0B8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57B58F2B-C6CE-4B23-9763-350094F549B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57B58F2B-C6CE-4B23-9763-350094F549B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FBC0159-2CA8-4816-9D84-DAB5793097F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBC0159-2CA8-4816-9D84-DAB5793097F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A2F600-603B-461A-A151-AFCADE6AAA69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A2F600-603B-461A-A151-AFCADE6AAA69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67F08CAF-1320-490E-A390-728429522544} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F08CAF-1320-490E-A390-728429522544} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{796C63D9-9943-44EB-A736-60470293CCD8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{796C63D9-9943-44EB-A736-60470293CCD8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8CFCE851-24D7-491A-B349-B696263B628C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFCE851-24D7-491A-B349-B696263B628C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C58625D-9CFE-485E-AA49-C82E54229614} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C58625D-9CFE-485E-AA49-C82E54229614} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB17CF5-0EC8-47D2-95D8-CA95A2B73F36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A19514E9-5403-4FF3-8864-FD171553234E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A19514E9-5403-4FF3-8864-FD171553234E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A711E1BF-224D-4E46-879A-222B0E54EFE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A711E1BF-224D-4E46-879A-222B0E54EFE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE00BB64-DE6D-4127-8857-FD35897A44B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE00BB64-DE6D-4127-8857-FD35897A44B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0544000-535D-4842-865D-7046AE2F3026} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0544000-535D-4842-865D-7046AE2F3026} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B15E28D1-9A55-4C50-A320-0226DA784EF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15E28D1-9A55-4C50-A320-0226DA784EF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5FBC0BB-575B-4519-A4D3-D97A1A82FF18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3A887E9-4B6E-42B2-9446-B8AE43476FB8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3A887E9-4B6E-42B2-9446-B8AE43476FB8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3BB3343-B592-4A7C-B39A-029EC1E2F2E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF8B4CC3-6963-4542-B483-E55688087E2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF8B4CC3-6963-4542-B483-E55688087E2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2851A53-3044-4564-8D1E-C0C57E76461E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2851A53-3044-4564-8D1E-C0C57E76461E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D457091E-29B0-417E-8DA0-B05048AFBC25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D457091E-29B0-417E-8DA0-B05048AFBC25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4C23683-A5A1-4463-BF5F-1AF31BAECD65} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4C23683-A5A1-4463-BF5F-1AF31BAECD65} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5990566-AA92-4A88-9535-97AC26BAD25C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5990566-AA92-4A88-9535-97AC26BAD25C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D860070B-9F40-4839-BBED-C0B2679B079C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D860070B-9F40-4839-BBED-C0B2679B079C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC367917-8A9E-424E-9195-2A4BC7D4CC35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC367917-8A9E-424E-9195-2A4BC7D4CC35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5E7FDB7-BAD9-4B02-8265-4072F9627933} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5E7FDB7-BAD9-4B02-8265-4072F9627933} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EACA24FF-236C-401D-A1E7-B3D5267B8A50} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EACA24FF-236C-401D-A1E7-B3D5267B8A50} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F36F6B64-EBBC-4AA4-95AC-20CB960A8CD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9CF821A-B864-4EF6-BD19-E2CAFE713809} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9CF821A-B864-4EF6-BD19-E2CAFE713809} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE86C3DC-AAEF-4E93-90B8-85ED8978C2AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1629833701-3699544217-3734216812-500 => key removed successfully
C:\Users\Administrator\Documents\TURN Q PLUS.pdf => ":Roxio EMC Stream" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_0BB272A9872478589BC035827915AEFF => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OutfoxTV => key removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949 => value removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949 => value not found.
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare 9 => value removed successfully
HKU\S-1-5-21-1629833701-3699544217-3734216812-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 9 => value not found.
"C:\Program Files\OutfoxTV" => not found.
C:\Program Files (x86)\IObit => moved successfully
C:\Program Files (x86)\Yahoo! => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\Google => moved successfully
C:\ProgramData\Windows 7 => moved successfully
C:\Users\Administrator\80BhjWWuhFVb7qpi => moved successfully
C:\Users\Administrator\AppData\Local\1acb574 => moved successfully
C:\Users\Administrator\AppData\Local\cjksuosz => moved successfully
C:\Users\Administrator\AppData\Local\oegdoby => moved successfully
C:\Users\Administrator\AppData\LocalLow\IObit => moved successfully
C:\Users\Administrator\AppData\Roaming\c => moved successfully
C:\Users\Administrator\AppData\Roaming\IObit => moved successfully
C:\WINDOWS\baee17b245f0cc69f0cde0a5451eca68.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 239060590 B
Java, Flash, Steam htmlcache => 491903125 B
Windows/system/drivers => 516433624 B
Edge => 47830653 B
Chrome => 332862174 B
Firefox => 399128347 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 39744 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 2423246 B
NetworkService => 261876 B
Administrator => 14745433396 B

RecycleBin => 1156506945 B
EmptyTemp: => 16.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:50:54 ====



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:16 AM

Posted 29 May 2017 - 06:50 PM

I can see that from the fixlog. Run a new scan with FRST and provide me the FRST.txt and Addition.txt logs.

Also, how's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




