Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection won't allow me to run most programs, especially anti-virus programs.


  • This topic is locked This topic is locked
24 replies to this topic

#1 TheRealJustan

TheRealJustan

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 30 October 2017 - 07:50 PM

So I initially, I posted about my problem here. Below I've included the highlights: 

 

I'm not able to pinpoint exactly which bug this is, but what I can say is that due to its presence, I am severely limited in what I'm able to do on my computer. I got help a few years ago, for a very similar issue (which was resolved), but this one seems worse in a lot of ways. Whereas with that infection, i was unable to run most anti-virus software, and unable to save most files, this infection will not allow me to run any applications. Anything with a ".exe" extension will result in one of the error messages posted below, or it will simply do nothing at all. To put it into perspective, I'm not even able to open up a media player and watch a DVD, because this virus has seemed block just about all instances of the ".exe" extension. I'm currently running Windows 8.1 in Safe Mode. It's the only way I was able to get the FRST logs.

 

Here's a few more examples:

 

I can no longer activate the Task Manager. It simply tries to load it and gives me a basic error, and offers hitting "Esc" or the "Power Button to shut down/restart" as a solution, should continue having problems. I've never sen that before today...

 

My designated web browser "Opera" no longer opens, even after three system restarts. So far, it seems Chrome is the only browser I can use. 

 

Trying to access any type of system function such as a System Restore brings me an error message about "inconsistent attributes" (as seen below).

 

As posted in my initial topic: The icing on the cake is that I can no longer open rkill without the same "inconsistent attributes" message, and Malwarebytes Anti-Malware won't open at all...no error messages, no nothing. It simply begins loading and it stops. Any type of anti-anything software seems to be a no go, other than Emsis. I was only able to run Emsis Anti-Malware, but after the scan and subsequent restart was accomplished, I was back to the same issues, with nothing changed. 

 

Quote

 

C:\User\Downloads\[software].exe

 

The extended attributes are inconsistent.

 

This happens for just about every program, except for Google Chrome. 

 

I tried to grab a screenshot of one of these error messages, but that requires me to either open up Windows Paint or Snagit to run. Neither which I'm able to do. When I try to run paint, I get the following message:

 

Quote

The application was unable to start correctly (0xc0000005). Click OK to close the application.

 

 

 

And now for the logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by Justan (administrator) on GM0310 (30-10-2017 19:47:50)
Running from G:\
Loaded Profiles: Justan (Available Profiles: Justan & Natalie & Games & Kids)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-01-30] (IDT, Inc.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8844592 2017-09-29] (Emsisoft Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2725400 2015-02-05] (Sony Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-05-21] ()
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\charityengine.exe [3757712 2014-03-07] (Charity Engine)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2184776 2017-07-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Google Update] => C:\Users\Justan\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-25] (Valve Corporation)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Justan\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\MountPoints2: {3e90b785-a09a-11e6-bfd3-8851fb60267a} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\MountPoints2: {4a947b64-bf38-11e5-bfab-8851fb60267a} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\MountPoints2: {59133810-8e71-11e7-bff6-8851fb60267a} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\MountPoints2: {93ce2b43-1117-11e6-bfb4-8851fb60267a} - "I:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\MountPoints2: {f90e165b-d39e-11e5-bfad-8851fb60267a} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-01-19]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk [2017-10-05]
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2016-01-19]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-01-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XFINITY WiFi.lnk [2017-10-12]
ShortcutTarget: XFINITY WiFi.lnk -> C:\Program Files (x86)\Comcast\XFINITY WiFi\XFINITY WiFi.exe (Smith Micro Software, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{67FF5371-A68B-42C9-9366-02BB82BCB9C9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D72FEB1D-25D0-4819-AD73-8A9D9D5D2AD7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D72FEB1D-25D0-4819-AD73-8A9D9D5D2AD7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> {D0C5850D-9F09-4AD0-B35E-F99CD1379D55} URL = hxxps://search.yahoo.com/yhs/search?hspart=verti&hsimp=yhs-verti_002&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
BHO: NJStarBHO Class -> {E74F179F-F6CC-4BE0-9638-DEA49583953F} -> C:\Program Files (x86)\NJStar Communicator\x64\NJStarBHO64.dll [2015-12-07] (NJStar Software Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-05-21] (Wondershare)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: NJStarBHO Class -> {E74F179F-F6CC-4BE0-9638-DEA49583953F} -> C:\Program Files (x86)\NJStar Communicator\NJStarBHO32.dll [2015-12-07] (NJStar Software Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default [2017-09-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0l6btq3y.default -> Google (avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\0l6btq3y.default -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\0l6btq3y.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0l6btq3y.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\0l6btq3y.default -> hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\0l6btq3y.default -> hxxps://www.google.com/search/?trackid=sp-006
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.ftp", "128.199.111.111"
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.socks", "128.199.111.111"
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.ssl", "128.199.111.111"
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> backup.ssl_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> ftp", "167.114.53.152 "
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> http", "167.114.53.152 "
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> socks", "167.114.53.152 "
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> ssl", "167.114.53.152 "
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> ssl_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\0l6btq3y.default -> type", 0
FF Extension: (HelloSign for Gmail) - C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\Extensions\@hellosign-for-gmail.xpi [2016-07-18]
FF Extension: (Active Whois & Flags extension) - C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\Extensions\info@johnru.com.xpi [2017-09-14]
FF SearchPlugin: C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\searchplugins\google-avast.xml [2015-07-01]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-07-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Justan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @talk.google.com/O1DPlugin -> C:\Users\Justan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1878577048-805392268-2015328708-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-21] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Justan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Justan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://msn.com/"
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default [2017-10-30]
CHR Extension: (Active Whois & Flags extension) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coojahlenlkakmmnbkfapdhmcffcjplg [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-07-12]
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-07-12]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-17]
CHR Extension: (NJStar Convertor) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (No Name) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR Profile: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-12]
CHR Extension: (Google Docs) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-21]
CHR Extension: (Google Search) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-17]
CHR Extension: (NJStar Chinese Website Convertor) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-21]
CHR Extension: (Google Wallet) - C:\Users\Justan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Honey) - C:\Users\Justan\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-10-09]
OPR Extension: (Honey) - C:\Users\Justan\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2017-07-07]
OPR Extension: (Download Chrome Extension) - C:\Users\Justan\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-09-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9151744 2017-09-29] (Emsisoft Ltd)
S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-20] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-20] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-06] (AVG Technologies CZ, s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [392168 2016-08-31] (Digital Wave Ltd.)
S2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [279552 2016-06-13] () [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
S2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] ()
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-06] (Electronic Arts)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [331776 2013-01-30] (IDT, Inc.) [File not signed]
S2 Start Menu Logon Manager; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [764672 2016-07-25] (ReviverSoft)
S2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-07-07] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-07-07] ()
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-10-20] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314640 2017-10-20] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-10-20] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-10-20] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-10-20] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-10-20] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [140192 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-10-20] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-10-20] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1022288 2017-10-26] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [579584 2017-10-20] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [193768 2017-10-20] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [355856 2017-10-20] (AVG Technologies CZ, s.r.o.)
S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S2 EPSTNT01; C:\Windows\SysWow64\Drivers\EPSTNT01.sys [19744 1998-11-26] (© SEIKO EPSON Corporation.) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.)
S3 MAUSBMIDISPORT; C:\WINDOWS\system32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-29] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-30] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-30] (Malwarebytes)
S3 mlkumidi; C:\WINDOWS\system32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-06-06] ()
S1 VBoxDrv; C:\Windows\SysWOW64\DRIVERS\VBoxDrv.sys [254240 2014-05-16] (Oracle Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [196040 2017-09-13] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-09-13] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138432 2017-09-13] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cleanhlp; \??\F:\EEK\bin\cleanhlp64.sys [X]
S3 cpuz138; \??\C:\Users\Justan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-30 19:47 - 2017-10-30 19:47 - 000000000 ____D C:\FRST
2017-10-30 19:40 - 2017-10-30 19:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-30 01:02 - 2017-10-30 01:02 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-29 17:30 - 2017-10-30 19:47 - 000328720 _____ C:\WINDOWS\ntbtlog.txt
2017-10-29 16:26 - 2017-10-29 16:26 - 002674047 _____ C:\Users\Justan\Downloads\Brentwood.pdf
2017-10-29 04:14 - 2017-10-29 04:14 - 000000000 ____D C:\ProgramData\Emsisoft
2017-10-29 04:09 - 2017-10-29 04:09 - 000000915 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-10-29 04:09 - 2017-10-29 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-10-29 04:08 - 2017-10-30 19:42 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-10-29 03:31 - 2017-10-29 03:34 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Justan\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2017-10-29 03:19 - 2017-10-29 03:23 - 000001718 _____ C:\Users\Justan\Desktop\Rkill.txt
2017-10-29 03:19 - 2017-10-29 03:19 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Justan\Downloads\rkill64.exe
2017-10-29 03:18 - 2017-10-29 03:18 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Justan\Downloads\rkill.exe
2017-10-29 03:13 - 2017-10-29 03:13 - 006559869 _____ C:\Users\Justan\Downloads\PCHunter_free.zip
2017-10-29 02:02 - 2017-10-30 19:44 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-29 02:02 - 2017-10-29 02:02 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-29 02:00 - 2017-10-29 02:00 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-29 02:00 - 2017-10-29 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-29 02:00 - 2017-10-29 02:00 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-29 02:00 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-29 01:58 - 2017-10-29 01:59 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-28 20:39 - 2017-10-28 20:39 - 003934840 _____ (Google) C:\Users\Justan\Downloads\chrome_cleanup_tool.exe
2017-10-28 20:09 - 2017-10-28 20:10 - 033210096 _____ C:\Users\Justan\Downloads\dMC-R16.2-Ref-Trial.exe
2017-10-27 01:02 - 2017-10-27 01:02 - 000000000 ____D C:\Users\Justan\Downloads\opensnc-src-0.1.4
2017-10-27 01:00 - 2017-10-27 01:00 - 010525059 _____ C:\Users\Justan\Downloads\opensnc-src-0.1.4.tar.gz
2017-10-27 00:56 - 2017-10-27 00:57 - 000000000 ____D C:\Users\Justan\Downloads\opensnc-win-0.1.4
2017-10-27 00:55 - 2017-10-27 00:55 - 012447389 _____ C:\Users\Justan\Downloads\opensnc-win-0.1.4.zip
2017-10-27 00:32 - 2017-10-27 00:39 - 000000000 ____D C:\Users\Justan\Documents\C++ Files
2017-10-27 00:22 - 2017-10-27 00:24 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-10-27 00:21 - 2017-10-27 00:21 - 000000000 ____D C:\Users\Justan\AppData\Local\Package Cache
2017-10-27 00:19 - 2017-10-27 00:19 - 031619840 _____ (Python Software Foundation) C:\Users\Justan\Downloads\python-3.6.3-amd64.exe
2017-10-27 00:14 - 2017-10-27 00:17 - 000000000 ____D C:\Users\Justan\Documents\Python
2017-10-27 00:09 - 2017-10-27 00:18 - 000000000 ____D C:\Users\Justan\.thonny
2017-10-27 00:06 - 2017-10-27 00:06 - 000002124 _____ C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thonny.lnk
2017-10-27 00:06 - 2017-10-27 00:06 - 000002116 _____ C:\Users\Justan\Desktop\Thonny.lnk
2017-10-27 00:04 - 2017-10-27 00:04 - 010604800 _____ (Aivar Annamaa ) C:\Users\Justan\Downloads\thonny-2.1.12.exe
2017-10-26 23:09 - 2017-10-26 23:09 - 000000000 ____D C:\Users\Justan\Downloads\Polygon
2017-10-26 23:08 - 2017-10-26 23:08 - 000021078 _____ C:\Users\Justan\Downloads\Polygon.zip
2017-10-26 22:14 - 2017-10-26 22:14 - 000028893 _____ C:\Users\Justan\Downloads\Class-A.zip
2017-10-26 21:10 - 2017-10-26 21:11 - 000042148 _____ C:\Users\Justan\Downloads\AEC-Imperial.zip
2017-10-26 00:34 - 2017-10-26 00:34 - 000025875 _____ C:\Users\Justan\Downloads\Elec_Diagram.zip
2017-10-26 00:00 - 2017-10-26 00:00 - 000054890 _____ C:\Users\Justan\Downloads\Arrange-A.zip
2017-10-25 23:13 - 2017-10-25 23:13 - 000022327 _____ C:\Users\Justan\Downloads\Schematic.zip
2017-10-25 22:22 - 2017-10-25 22:22 - 000056597 _____ C:\Users\Justan\Downloads\Process.zip
2017-10-25 22:16 - 2017-10-25 22:16 - 000072084 _____ C:\Users\Justan\Downloads\Missing View.zip
2017-10-25 22:05 - 2017-10-25 22:05 - 000022324 _____ C:\Users\Justan\Downloads\Pattern.zip
2017-10-25 21:35 - 2017-10-25 21:35 - 000071917 _____ C:\Users\Justan\Downloads\Arm.zip
2017-10-25 21:04 - 2017-10-25 21:04 - 000023660 _____ C:\Users\Justan\Downloads\Fence-A.zip
2017-10-24 00:39 - 2017-10-24 00:39 - 000001231 _____ C:\Users\Justan\Downloads\bkd32.zip
2017-10-23 21:09 - 2017-10-23 21:09 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Daum
2017-10-23 20:52 - 2017-10-23 20:52 - 000000000 ____D C:\Users\Justan\AppData\Roaming\PotPlayerMini64
2017-10-23 20:49 - 2017-10-23 21:09 - 000000996 _____ C:\Users\Justan\Desktop\PotPlayer 64 bit.lnk
2017-10-23 20:49 - 2017-10-23 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-10-23 20:49 - 2017-10-23 20:49 - 000000000 ____D C:\Program Files\DAUM
2017-10-23 20:46 - 2017-10-23 20:46 - 021916424 _____ (Kakao) C:\Users\Justan\Downloads\PotPlayerSetup64.exe
2017-10-23 16:05 - 2017-10-23 16:09 - 000025248 _____ C:\Users\Justan\Documents\sonic_retro_essay.odt
2017-10-23 16:05 - 2017-10-23 16:09 - 000000105 ____H C:\Users\Justan\Documents\.~lock.sonic_retro_essay.odt#
2017-10-20 04:28 - 2017-10-20 04:28 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-10-19 12:45 - 2017-10-19 12:45 - 001491069 _____ C:\Users\Justan\Downloads\Gamble Natalie TR 2016.pdf
2017-10-19 03:19 - 2017-10-19 03:19 - 023501805 _____ C:\Users\Justan\Downloads\EMU_General_MIDI_Collection.zip
2017-10-19 01:26 - 2017-10-19 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualMIDISynth
2017-10-19 01:26 - 2017-10-19 01:26 - 000000000 ____D C:\Program Files\VirtualMIDISynth
2017-10-19 01:25 - 2017-10-19 01:25 - 001246664 _____ (CoolSoft) C:\Users\Justan\Downloads\CoolSoft_VirtualMIDISynth_2.0.1.exe
2017-10-18 16:35 - 2017-10-18 16:35 - 000000000 ____D C:\Users\Kids\AppData\Roaming\Autodesk
2017-10-18 16:35 - 2017-10-18 16:35 - 000000000 ____D C:\Users\Kids\AppData\Local\Autodesk
2017-10-18 05:35 - 2017-10-18 05:40 - 000000000 ____D C:\MinGW
2017-10-18 05:35 - 2017-10-18 05:35 - 000000982 _____ C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2017-10-18 05:35 - 2017-10-18 05:35 - 000000958 _____ C:\Users\Justan\Desktop\MinGW Installer.lnk
2017-10-18 05:34 - 2017-10-18 05:34 - 000086528 _____ (MinGW.org Project) C:\Users\Justan\Downloads\mingw-get-setup.exe
2017-10-12 13:58 - 2017-10-12 13:58 - 000000000 ____D C:\Users\Justan\apktool
2017-10-12 13:54 - 2017-10-12 14:16 - 000000000 ____D C:\Users\Justan\.apkstudio
2017-10-12 13:54 - 2017-10-12 13:54 - 000001984 _____ C:\Users\Public\Desktop\APK Studio.lnk
2017-10-12 13:54 - 2017-10-12 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APK Studio
2017-10-12 13:54 - 2017-10-12 13:54 - 000000000 ____D C:\Program Files (x86)\apkstudio
2017-10-12 13:52 - 2017-10-12 13:52 - 017487521 _____ (Vaibhav Pandey) C:\Users\Justan\Downloads\apkstudio-d49d3de-windows.exe
2017-10-12 04:08 - 2017-10-12 04:08 - 000551896 _____ C:\Users\Justan\Downloads\fruit.zip
2017-10-11 12:14 - 2017-10-29 04:49 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJustan.job
2017-10-11 12:14 - 2017-10-25 11:06 - 000003166 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJustan
2017-10-11 07:28 - 2017-10-11 07:28 - 007905536 _____ (Tim Kosse) C:\Users\Justan\Downloads\FileZilla_3.28.0_win64-setup.exe
2017-10-10 21:03 - 2017-10-10 21:03 - 000000222 _____ C:\Users\Justan\Desktop\Sonic Mania.url
2017-10-09 22:34 - 2017-10-09 22:34 - 000001099 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-10-09 22:34 - 2017-10-09 22:34 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-10-09 22:34 - 2017-10-09 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-10-09 22:34 - 2017-10-09 22:34 - 000000000 ____D C:\Program Files\Oracle
2017-10-09 22:34 - 2017-09-13 11:04 - 000965984 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2017-10-09 22:34 - 2017-09-13 11:04 - 000149816 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2017-10-09 22:24 - 2017-10-09 22:25 - 123929944 _____ (Oracle Corporation) C:\Users\Justan\Downloads\VirtualBox-5.1.28-117968-Win.exe
2017-10-07 16:20 - 2017-10-07 16:22 - 130726342 _____ C:\Users\Justan\Downloads\Sega Master System PSG Sf2s.rar
2017-10-07 16:14 - 2017-10-07 16:14 - 000000000 ____D C:\Users\Justan\Downloads\FR_OCR_4020_EU
2017-10-07 16:13 - 2017-10-07 16:13 - 015327871 _____ C:\Users\Justan\Downloads\frocr_4020_eu.exe
2017-10-07 16:01 - 2017-10-07 16:01 - 000000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2017-10-07 16:01 - 2017-10-07 16:01 - 000000982 _____ C:\Users\Public\Desktop\VueScan x32.lnk
2017-10-07 16:01 - 2017-10-07 16:01 - 000000000 ____D C:\Program Files (x86)\VueScan
2017-10-07 16:00 - 2017-10-07 16:00 - 009453840 _____ (Hamrick Software) C:\Users\Justan\Downloads\vuex3295.exe
2017-10-05 22:55 - 2017-10-05 22:55 - 000000000 ____D C:\Program Files (x86)\DeviceManagerHidden
2017-10-05 22:35 - 2017-10-05 22:35 - 000006189 _____ C:\Users\Justan\Downloads\microtek_scanmaker_4800_updated.zip
2017-10-05 22:16 - 2017-10-07 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microtek ScanWizard 5 for Windows
2017-10-05 22:16 - 2017-10-05 22:16 - 000002074 _____ C:\Users\Public\Desktop\ScanWizard 5.lnk
2017-10-05 22:16 - 2017-10-05 22:16 - 000002048 _____ C:\Users\Public\Desktop\My Images.lnk
2017-10-05 22:16 - 2017-10-05 22:16 - 000002012 _____ C:\Users\Public\Desktop\Microtek Scanner Configuration.lnk
2017-10-05 22:15 - 2017-10-05 22:15 - 000000000 ____D C:\Kpcms
2017-10-05 22:15 - 2007-04-11 09:47 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM20w.dll
2017-10-05 22:15 - 2007-01-16 14:11 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM24w.dll
2017-10-05 22:15 - 2006-04-25 22:14 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM23w.dll
2017-10-05 22:15 - 2005-07-22 11:31 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM21w.dll
2017-10-05 22:15 - 2005-07-01 14:05 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM22w.dll
2017-10-05 22:15 - 2005-03-07 13:54 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM1FW.dll
2017-10-05 22:15 - 2005-03-02 09:17 - 000030557 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD17.dll
2017-10-05 22:15 - 2005-01-26 19:30 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM0Aw.dll
2017-10-05 22:15 - 2004-12-02 18:27 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSM0Bw.dll
2017-10-05 22:15 - 2004-07-19 08:44 - 000044491 _____ C:\WINDOWS\SysWOW64\MiiIniFile13.ini
2017-10-05 22:15 - 2004-07-16 18:20 - 000126976 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM13w.dll
2017-10-05 22:15 - 2004-07-16 14:53 - 000118784 _____ (Realtek) C:\WINDOWS\SysWOW64\MiiRTS8822.dll
2017-10-05 22:15 - 2004-04-12 11:27 - 000106496 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM1CW.dll
2017-10-05 22:15 - 2004-03-25 14:38 - 000114688 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM17W.dll
2017-10-05 22:15 - 2004-02-18 09:28 - 000035589 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD12.dll
2017-10-05 22:15 - 2004-02-18 09:27 - 000030565 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD15.dll
2017-10-05 22:15 - 2004-01-08 11:39 - 000184320 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM0CW.dll
2017-10-05 22:15 - 2003-10-08 15:26 - 000208896 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM08w.dll
2017-10-05 22:15 - 2003-08-11 12:54 - 000204800 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSME6w.dll
2017-10-05 22:15 - 2003-07-18 11:42 - 000030565 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD13.dll
2017-10-05 22:15 - 2003-07-17 16:12 - 000012499 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\Msmusd7.dll
2017-10-05 22:15 - 2003-07-08 18:06 - 000192512 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSME4W.dll
2017-10-05 22:15 - 2003-06-11 12:03 - 000015396 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\Msmusd5.dll
2017-10-05 22:15 - 2003-05-07 12:02 - 000208896 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSME5w.dll
2017-10-05 22:15 - 2003-05-01 19:14 - 000030053 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD11.dll
2017-10-05 22:15 - 2003-04-24 19:00 - 000035589 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD10.dll
2017-10-05 22:15 - 2003-03-19 16:57 - 000030013 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD9.dll
2017-10-05 22:15 - 2003-03-07 08:56 - 000098304 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMD8w.dll
2017-10-05 22:15 - 2002-10-30 15:21 - 000062947 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMC1W.dll
2017-10-05 22:15 - 2002-10-21 11:06 - 000038215 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSM8BW.dll
2017-10-05 22:15 - 2002-10-08 18:53 - 000041733 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMB1W.dll
2017-10-05 22:15 - 2002-07-16 15:29 - 000067522 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMD9W.dll
2017-10-05 22:15 - 2002-04-18 15:46 - 000073601 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMD4W.dll
2017-10-05 22:15 - 2002-03-27 16:34 - 000072584 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMCFw.dll
2017-10-05 22:15 - 2002-02-06 10:37 - 000030030 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD7.dll
2017-10-05 22:15 - 2001-12-26 08:47 - 000035563 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMWUD.dll
2017-10-05 22:15 - 2001-12-18 14:48 - 000062462 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMCEw.dll
2017-10-05 22:15 - 2001-10-22 11:28 - 000035246 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMBDW.dll
2017-10-05 22:15 - 2001-10-22 11:28 - 000034720 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMB0W.dll
2017-10-05 22:15 - 2001-08-29 13:22 - 000035906 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMC9W.dll
2017-10-05 22:15 - 2001-08-29 13:22 - 000035906 _____ (Microtek International Inc.) C:\WINDOWS\SysWOW64\MSMA7W.dll
2017-10-05 22:15 - 2001-06-20 15:44 - 000013962 _____ ( Microtek International Inc.) C:\WINDOWS\SysWOW64\Msmusd6.dll
2017-10-05 22:15 - 1998-09-14 08:41 - 000285216 _____ C:\WINDOWS\SysWOW64\Drivers\Onsio.sys
2017-10-05 22:15 - 1998-08-01 12:00 - 000060928 _____ (OnSpec Electronic, Inc.) C:\WINDOWS\SysWOW64\Drivers\Smplscsi.sys
2017-10-05 22:15 - 1997-02-14 13:10 - 000007680 _____ C:\WINDOWS\SysWOW64\Drivers\Onsreged.sys
2017-10-05 22:08 - 2017-10-05 22:08 - 000003058 _____ C:\WINDOWS\System32\Tasks\{7803C6BD-92C3-4B5B-99E9-1A5209316ABB}
2017-10-05 20:45 - 2017-10-05 20:45 - 000000000 ____D C:\Program Files (x86)\Microtek
2017-10-05 20:31 - 2017-10-05 20:31 - 000003132 _____ C:\WINDOWS\System32\Tasks\{2DE1EE99-2A38-4A11-861D-417768962693}
2017-10-05 20:31 - 2017-10-05 20:31 - 000000000 ____D C:\disk4
2017-10-05 20:31 - 2017-10-05 20:31 - 000000000 ____D C:\disk3
2017-10-05 20:31 - 2017-10-05 20:31 - 000000000 ____D C:\disk2
2017-10-05 20:31 - 2017-10-05 20:31 - 000000000 ____D C:\Disk1
2017-10-05 20:31 - 2007-06-27 13:04 - 000100352 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\MSM1FW2.dll
2017-10-05 20:30 - 2017-10-05 20:30 - 000000000 ____D C:\Users\Justan\Downloads\SW5_6310_EU
2017-10-05 20:28 - 2017-10-05 20:30 - 025415534 _____ C:\Users\Justan\Downloads\sw5_6310_eu.exe
2017-10-05 20:20 - 2017-10-02 13:01 - 001926750 _____ C:\Users\Justan\Documents\Chopster%20Official%20Design%20Document.doc_0.odt
2017-10-05 20:12 - 2017-10-05 20:13 - 020811088 _____ C:\Users\Justan\Downloads\microtek_sms430_6171p.zip
2017-10-05 19:46 - 2017-10-07 16:01 - 000000000 ____D C:\WINDOWS\twain_64
2017-10-05 19:45 - 2017-10-05 19:45 - 010340472 _____ (Hamrick Software) C:\Users\Justan\Downloads\vuex6495.exe
2017-10-03 17:27 - 2017-10-03 17:27 - 000890008 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2017-10-03 17:27 - 2017-10-03 17:27 - 000889496 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2017-10-01 16:14 - 2017-10-01 16:14 - 000979968 _____ C:\Users\Justan\Documents\S3782i1.ppt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-30 19:42 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-30 19:41 - 2016-07-27 00:06 - 000000000 _____ C:\hsrv.txt
2017-10-30 19:38 - 2013-08-22 09:25 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-10-30 19:35 - 2015-06-16 05:54 - 000000000 ____D C:\Users\Justan\AppData\Local\CrashDumps
2017-10-30 19:31 - 2013-11-18 15:57 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1878577048-805392268-2015328708-1001
2017-10-30 19:29 - 2015-01-17 22:07 - 000000000 ____D C:\Users\Justan\OneDrive
2017-10-30 19:24 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2017-10-30 04:44 - 2015-12-06 02:31 - 000000000 ____D C:\ProgramData\BOINC
2017-10-30 01:06 - 2014-11-01 21:24 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-29 21:41 - 2013-12-14 03:09 - 000000000 ____D C:\Users\Justan\AppData\Local\ElevatedDiagnostics
2017-10-29 17:30 - 2015-01-17 21:28 - 000000000 ____D C:\Users\Justan
2017-10-29 17:11 - 2013-11-23 12:20 - 000000000 ____D C:\Users\Justan\AppData\Local\Adobe
2017-10-29 16:57 - 2016-11-21 14:10 - 000000000 ____D C:\Users\Kids
2017-10-29 16:57 - 2015-01-17 21:28 - 000000000 ____D C:\Users\Natalie
2017-10-29 16:57 - 2015-01-17 21:28 - 000000000 ____D C:\Users\Games
2017-10-29 05:49 - 2017-05-15 13:13 - 000000000 ____D C:\Users\Justan\AppData\Local\Akamai
2017-10-29 04:49 - 2013-11-18 16:29 - 000000000 ____D C:\ProgramData\ReviverSoft
2017-10-29 04:46 - 2017-04-24 20:52 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-10-29 03:06 - 2015-01-16 04:21 - 000000000 ____D C:\Users\Justan\AppData\Roaming\GameMaker-Studio
2017-10-29 03:06 - 2013-11-18 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2017-10-29 02:00 - 2014-09-19 05:31 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-29 02:00 - 2014-02-14 02:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-28 20:43 - 2013-11-18 15:58 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-28 20:43 - 2013-11-18 15:58 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-28 20:02 - 2013-11-22 04:34 - 000000000 ____D C:\Users\Justan\AppData\Roaming\FileZilla
2017-10-28 19:02 - 2014-01-14 00:44 - 000000000 ____D C:\Users\Justan\AppData\Roaming\vlc
2017-10-28 07:05 - 2016-11-13 13:37 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-10-28 06:09 - 2017-07-27 00:10 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2017-10-27 07:43 - 2017-05-20 02:13 - 000003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1453140141
2017-10-27 07:43 - 2016-01-18 14:02 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-27 01:17 - 2014-08-21 06:12 - 000000000 ____D C:\Users\Justan\AppData\Roaming\CodeBlocks
2017-10-27 00:25 - 2013-04-19 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-26 16:29 - 2017-04-06 00:11 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys
2017-10-26 03:17 - 2015-07-22 18:42 - 000004424 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 03:17 - 2013-12-24 19:10 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-26 03:17 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 03:17 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 21:08 - 2012-03-15 11:30 - 000035863 _____ C:\Users\Justan\AppData\Local\Fence-A.dwg
2017-10-25 17:13 - 2017-09-02 22:42 - 000000000 ____D C:\Users\Justan\Documents\Feed ME
2017-10-23 21:50 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-23 02:31 - 2016-11-21 14:39 - 000000000 ____D C:\Users\Kids\AppData\Roaming\vlc
2017-10-20 20:29 - 2016-11-21 14:19 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1878577048-805392268-2015328708-1010
2017-10-20 19:20 - 2016-11-21 14:40 - 000000000 ____D C:\Users\Kids\AppData\Roaming\dvdcss
2017-10-20 04:29 - 2017-04-06 00:11 - 000003920 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-10-20 04:28 - 2017-04-06 00:11 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-10-20 04:28 - 2017-04-06 00:11 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-10-20 04:28 - 2015-07-01 14:35 - 000000000 ____D C:\ProgramData\AVG
2017-10-18 17:26 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-18 17:22 - 2014-12-09 13:44 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-10-18 16:38 - 2016-11-21 16:53 - 000000000 ____D C:\Users\Kids\AppData\Roaming\AVG
2017-10-18 16:37 - 2016-11-21 14:16 - 000000000 ____D C:\Users\Kids\AppData\Local\Avg
2017-10-18 16:36 - 2016-11-21 14:11 - 000000000 ____D C:\Users\Kids\AppData\Roaming\Adobe
2017-10-18 00:08 - 2016-07-27 00:07 - 000000000 ____D C:\Users\Justan\.VirtualBox
2017-10-17 14:10 - 2016-11-23 00:03 - 000000000 ____D C:\Users\Justan\Documents\Fusion Tutorials
2017-10-17 08:55 - 2014-11-21 04:44 - 000893460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-12 13:58 - 2016-11-13 23:35 - 000000000 ____D C:\Users\Justan\Documents\Chopster
2017-10-12 05:34 - 2015-02-23 05:50 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Skype
2017-10-11 15:39 - 2013-12-25 02:42 - 000000000 ____D C:\Users\Justan\AppData\Local\HPConnectedMusic
2017-10-11 07:29 - 2013-11-22 04:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-10-11 07:29 - 2013-11-22 04:33 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-10-10 21:03 - 2015-01-16 04:09 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-08 23:24 - 2013-11-20 02:22 - 000000000 ____D C:\Users\Justan\AppData\Local\Hewlett-Packard
2017-10-07 16:15 - 2013-04-19 12:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-05 19:55 - 2017-08-04 12:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-05 19:55 - 2013-12-24 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-03 13:02 - 2017-02-08 08:46 - 000000000 ____D C:\Users\Justan\AppData\Roaming\Aseprite
 
==================== Files in the root of some directories =======
 
2014-03-11 11:15 - 2005-08-14 14:49 - 000002238 _____ () C:\Program Files (x86)\reFX Icon.ico
2014-03-11 11:15 - 2014-03-11 11:15 - 000002384 _____ () C:\Program Files (x86)\unins000.dat
2014-03-11 11:15 - 2014-03-11 11:15 - 000691545 _____ () C:\Program Files (x86)\unins000.exe
2014-03-11 11:15 - 2007-12-30 00:46 - 001859584 _____ (reFX) C:\Program Files (x86)\Vanguard.dll
2014-03-11 11:15 - 2006-07-11 23:15 - 000000144 _____ () C:\Program Files (x86)\www.reFX.net.url
2014-01-31 04:05 - 2014-02-19 11:47 - 000000132 _____ () C:\Users\Justan\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-16 01:18 - 2016-01-16 00:22 - 000000574 _____ () C:\Users\Justan\AppData\Roaming\burnaware.ini
2015-07-01 09:18 - 2015-07-01 09:18 - 000000046 _____ () C:\Users\Justan\AppData\Roaming\Camdata.ini
2015-07-01 09:18 - 2015-07-01 09:18 - 000000408 _____ () C:\Users\Justan\AppData\Roaming\CamLayout.ini
2015-07-01 09:18 - 2015-07-01 09:18 - 000000408 _____ () C:\Users\Justan\AppData\Roaming\CamShapes.ini
2015-07-01 02:08 - 2015-07-01 02:11 - 000004536 _____ () C:\Users\Justan\AppData\Roaming\CamStudio.cfg
2014-05-27 21:27 - 2016-01-15 23:23 - 000000140 _____ () C:\Users\Justan\AppData\Roaming\default.pls
2016-07-27 00:00 - 2016-07-27 00:06 - 000002639 _____ () C:\Users\Justan\AppData\Roaming\droid4xinstaller.log
2015-07-01 01:57 - 2015-07-01 01:57 - 000000096 _____ () C:\Users\Justan\AppData\Roaming\version2.xml
2015-07-01 02:57 - 2015-07-01 02:57 - 000000045 _____ () C:\Users\Justan\AppData\Roaming\WB.CFG
2015-01-19 04:29 - 2015-10-09 05:01 - 000012800 _____ () C:\Users\Justan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-15 11:30 - 2017-10-25 21:08 - 000035863 _____ () C:\Users\Justan\AppData\Local\Fence-A.dwg
2017-01-01 04:07 - 2017-01-01 04:07 - 000001845 _____ () C:\Users\Justan\AppData\Local\recently-used.xbel
2017-04-13 04:25 - 2017-04-13 04:25 - 000007605 _____ () C:\Users\Justan\AppData\Local\Resmon.ResmonCfg
2017-05-22 18:54 - 2017-05-22 18:54 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-11-19 06:11 - 2015-11-19 06:11 - 000000016 _____ () C:\ProgramData\mntemp
2015-11-19 06:11 - 2015-11-19 06:11 - 000005044 _____ () C:\ProgramData\oqztiqep.adk
 
Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe
 
 
Some files in TEMP:
====================
2015-08-05 12:05 - 2013-06-04 13:30 - 000050432 ____R () C:\Users\Justan\AppData\Local\Temp\Extract.exe
2017-10-23 10:05 - 2017-10-23 10:05 - 001856576 _____ (Oracle Corporation) C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-07 15:58 - 2017-10-07 15:58 - 000089576 _____ () C:\Users\Justan\AppData\Local\Temp\vsdel.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-29 04:29
 
==================== End of FRST.txt ============================
 
 
And also...
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Justan (30-10-2017 19:50:25)
Running from G:\
Windows 8.1 (Update) (X64) (2015-01-18 01:59:30)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1878577048-805392268-2015328708-500 - Administrator - Disabled)
Games (S-1-5-21-1878577048-805392268-2015328708-1009 - Limited - Enabled) => C:\Users\Games
Guest (S-1-5-21-1878577048-805392268-2015328708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1878577048-805392268-2015328708-1003 - Limited - Enabled)
Justan (S-1-5-21-1878577048-805392268-2015328708-1001 - Administrator - Enabled) => C:\Users\Justan
Kids (S-1-5-21-1878577048-805392268-2015328708-1010 - Limited - Enabled) => C:\Users\Kids
Natalie (S-1-5-21-1878577048-805392268-2015328708-1008 - Limited - Enabled) => C:\Users\Natalie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
4 Elements II (HKLM-x32\...\WTA-93d0843d-3415-476d-ae32-321c4cdd49f5) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader OCR Engine for Microtek (HKLM-x32\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version:  - )
Active Whois 5.2 (HKLM-x32\...\Active Whois_is1) (Version: 5.2 - Ivan Mayrakov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Affinity Designer (HKLM\...\{FF6BE303-AC9B-4577-B10D-CCA99183BEAF}) (Version: 1.5.3.69 - Serif (Europe) Ltd)
Airport Mania (HKLM-x32\...\WTA-a4f27d5a-9c3d-43de-a5d5-3db065247952) (Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Auslogics File Recovery (HKLM-x32\...\{D8F33108-139F-409A-A160-B9510DE736B3}_is1) (Version: 5.3.0.0 - Auslogics Labs Pty Ltd)
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0409-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (HKLM\...\{5783F2D7-E001-0409-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Azteca (HKLM-x32\...\WTA-dbdb331e-49cf-4c06-b316-5b87783e794f) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-d7cb58cf-35c5-4801-bc12-a11105277392) (Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-c52f1483-d202-467b-bd95-9ffb93867c11) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-4904adfa-25af-4380-acc9-09069fd029d8) (Version: 2.2.0.98 - WildTangent) Hidden
BurnAware Free 7.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Charity Engine (HKLM-x32\...\{7309D717-F38D-436D-9537-066AA0AC7639}) (Version: 7.0.80 - Charity Engine)
Chowdren version 1.01 (HKLM-x32\...\{B1109B38-B197-48FD-AD72-0135788FD21D}_is1) (Version: 1.01 - MP2 Games)
Clickteam Fusion 2.5 (HKLM-x32\...\Clickteam Fusion 2.5) (Version:  - Clickteam)
Clickteam Fusion 2.5 Android Exporter (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Clickteam Fusion 2.5 Android Exporter) (Version:  - )
Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version:  - Clickteam)
CodeBlocks (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
CoolSoft VirtualMIDISynth 2.0.1 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 2.0.1.0 - CoolSoft)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-79d04fbe-f0e8-4428-b4ac-4e257c575a4f) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-d0ee0154-bfb9-421c-9d3a-062caaeb69df) (Version: 2.2.0.98 - WildTangent) Hidden
CrazyTalk v7.32 PRO Trial (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
Curse at Twilight (HKLM-x32\...\WTA-f7278120-59dc-42ff-a111-aa2f064bdcb7) (Version: 3.0.2.32 - WildTangent) Hidden
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version:  - )
CVPiano-Modeled (HKLM-x32\...\CVPiano-Modeled) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.4422 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-4730c99c-1637-4ae6-b846-73cb77478908) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dorgem 2.1.0 (HKLM-x32\...\Dorgem_is1) (Version:  - Frank Fesevur)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Droid4X (HKLM-x32\...\Droid4X) (Version: 0.10.3 - Haiyu Dongxiang Co.,Ltd.)
Edirol Hyper Canvas VSTi DXi 1.6.0 (HKLM-x32\...\Edirol Hyper Canvas VSTi DXi_is1) (Version:  - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.)
EPSON StylusRIP (HKLM-x32\...\{578448E7-5AA3-47B6-A1ED-A6FF5D0DE444}) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (HKLM-x32\...\WTA-ec44cd99-1075-4389-b786-308ea2eb16ab) (Version: 2.2.0.98 - WildTangent) Hidden
Feathercoin 0.8.6 (HKLM-x32\...\Feathercoin) (Version: 0.8.6 - Feathercoin)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio v7.0 (HKLM-x32\...\FL Studio_is1) (Version:  - AiR, Inc.)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FMW 1 (HKLM\...\{3F8A655C-2D4D-4BAC-8384-0E937CC137C8}) (Version: 1.225.1 - AVG Technologies) Hidden
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free Video to DVD Converter (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.99.823 - Digital Wave Ltd)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.216.35258 - YoYo Games Ltd.)
GameMaker-Studio 1.3 (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GDevelop version 3.5 (HKLM-x32\...\GDevelop_is1) (Version: 3.5 - Florian Rival)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-cf3f301d-16ea-4f53-97e5-4c9121be21ac) (Version: 2.2.0.110 - WildTangent) Hidden
GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )
GraphicsGale FreeEdition version 2.05.02 (HKLM-x32\...\GraphicsGale FreeEdition_is1) (Version:  - HUMANBALANCE Ltd.)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd)
Homeschool Tracker Basic (HKLM-x32\...\{AD528602-C32D-4E9B-A5A5-609F2A186808}) (Version: 2.5.1 - TGHomeSoft)
House of 1000 Doors: Family Secret (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\House of 1000 Doors: Family Secret) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-55171172-2b87-4829-8c85-be83c319917c) (Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Install Creator Pro (HKLM-x32\...\Install Creator Pro) (Version:  - )
Intel XDK (HKLM-x32\...\ARP_for_prd_xdk_0.0.1494) (Version: 0.0.1494 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
iZotope Nectar 2 (HKLM-x32\...\iZotope Nectar 2_is1) (Version: 2.03 - iZotope, Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-36e4a2fe-75c2-44ba-aec2-b5be1fd9ddd4) (Version: 2.2.0.98 - WildTangent) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Luxor Evolved (HKLM-x32\...\WTA-3c42e890-8337-419d-8b7f-9584571b77a1) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-aa7913ee-36ca-4019-b64b-f5e2b69c37ec) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-c6251b3e-2377-4158-b1d1-dc7915cc2689) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.6.2000 - Maxthon International Limited)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.00.0201 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4971.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4971.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
minimoog-v 2.5.1 (HKLM-x32\...\minimoogv2_5_is1) (Version: 2.5.1 - Arturia)
Movavi Screen Capture Studio 7 (HKLM-x32\...\Movavi Screen Capture Studio 7) (Version: 7.0.0 - Movavi)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicLab RealGuitar (HKLM\...\{1864B4F0-8888-5A57-9930-C2B307597966}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealGuitar 2.0 (HKLM-x32\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version:  - MusicLab, Inc.)
MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.)
Mystery Legends: Sleepy Hollow (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Mystery Legends: Sleepy Hollow) (Version: 1.0.0.2 - eGames)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-4cefe42e-e31f-4fa0-a0b5-32ba3d6ee1a2) (Version: 2.2.0.98 - WildTangent) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR)
NJStar Communicator (HKLM-x32\...\NJStar Communicator) (Version: 3.30 - NJStar Software Corp.)
NTI Backup Now EZ (HKLM-x32\...\{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32 - NTI Corporation) Hidden
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32 - NTI Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Oracle VM VirtualBox 5.1.28 (HKLM\...\{11BAF690-37C7-4A56-B518-3696BD15592F}) (Version: 5.1.28 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Peggle Nights (HKLM-x32\...\WTA-dfc32304-5bd7-42d7-8d9c-d41520f7a4e4) (Version: 2.2.0.98 - WildTangent) Hidden
Pianissimo (HKLM-x32\...\Pianissimo) (Version:  - Acoustica)
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version:  - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-40437871-eac5-4deb-89c7-454bd24f23ca) (Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{8E5861CA-9B65-488B-972E-405AD03EBC7C}) (Version: 9.2.00 - Sony Corporation) Hidden
Polar Bowler (HKLM-x32\...\WTA-f73a1623-1eb3-4ed8-8e84-bc04b0269eea) (Version: 2.2.0.97 - WildTangent) Hidden
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.3795 - Kakao Corp.)
Python 3.6.3 (64-bit) (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\{b3a11d5f-0d2d-4bc3-ad72-39f3fa14162c}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Core Interpreter (64-bit) (HKLM\...\{5CAB3F9C-AC0C-4796-984C-292FF82FB112}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (64-bit) (HKLM\...\{B6B221CE-20AA-46D6-8156-911613216968}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (64-bit) (HKLM\...\{404A8C42-6B82-4B32-AC7F-0583644A04F2}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (64-bit) (HKLM\...\{D3ABC2C4-85AF-4AFD-94D4-F2B84F49BFEA}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (64-bit) (HKLM\...\{48EC8399-294B-40F5-8274-E2AFBF0CFCBE}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (64-bit) (HKLM\...\{60B3332C-989F-4609-8D4F-7B1FD1DB0A5D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (64-bit) (HKLM\...\{8FE3FFD1-2F7E-4EBB-A4B7-627E279DA70E}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (64-bit) (HKLM\...\{2C6B5217-ACF4-4082-B19C-3463C9340E41}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (64-bit) (HKLM\...\{E3F016B8-A524-4F97-9095-944C31A971E0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
reFX Vanguard 1.7.2 (HKLM-x32\...\reFX Vanguard 1.7.2_is1) (Version:  - )
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version:  - )
Riva FLV Player (HKLM-x32\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner)
Roads of Rome 3 (HKLM-x32\...\WTA-5d97ebb0-53ac-4236-a60a-2f5a0f078239) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-16f05c58-f074-4564-886e-2b771cc1f5a3) (Version: 3.0.2.32 - WildTangent) Hidden
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
SharpDevelop 4.4 (HKLM-x32\...\{E0535D44-B913-4B51-BEEE-AB81EF53CC34}) (Version: 4.4.9749 - ic#code)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{A0C306FE-01A5-4B94-A037-EF5403F8CE41}) (Version: 5.0.174 - Echostar)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Start Menu Reviver (HKLM-x32\...\Start Menu Reviver) (Version: 3.0.0.18 - ReviverSoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (HKLM-x32\...\WTA-06ff664c-d96e-452a-80f0-79e251cf6e1e) (Version: 2.2.0.110 - WildTangent) Hidden
TDR VOS SlickEQ version 1.2.0 (HKLM\...\TDR VOS SlickEQ_is1) (Version: 1.2.0 - Tokyo Dawn Labs)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Thonny 2.1.12 (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Thonny_is1) (Version: 2.1.12 - Aivar Annamaa)
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
Total Video Converter 3.70 100621 (HKLM-x32\...\Total Video Converter 3.70_is1) (Version:  - EffectMatrix Inc.)
Ultimate Paint 2.88 Freeware Edition (HKLM-x32\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Unity (HKLM-x32\...\Unity) (Version: 5.5.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-4200e410-3e91-4822-a010-60067bbbc772) (Version: 3.0.2.32 - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VueScan x32 (HKLM-x32\...\VueScan x32) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Wajam (HKLM-x32\...\WajaNetEn) (Version: 1.58.1.16 (i1.0) - Wajam) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Wondershare Video Converter Pro(Build 8.1.2.1) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 8.1.2.1 - Wondershare Software)
XFINITY WiFi (HKLM-x32\...\{E8B0DF22-4FF2-4979-ABE1-D91E5066390E}) (Version: 1.2.59 - Comcast)
X-Lite (HKLM-x32\...\{D79740D7-405F-4A07-A144-40A655CA4B7C}) (Version: 48.7.6589 - CounterPath Corporation)
yabause 0.9.14 (HKLM-x32\...\yabause 0.9.14) (Version: 0.9.14 - Yabause team)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Youda Jewel Shop (HKLM-x32\...\WTA-a2302d53-ce3b-491d-9fe8-d92c8ce4ead6) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-4008521c-3fca-4771-95c4-298bf1559608) (Version: 2.2.0.98 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-05] (Cyberlink)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-05] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-01-02] (Piriform Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-21] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-01-02] (Piriform Ltd)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-18] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-18] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B308A7-95A6-4274-88EC-4CD958AEF28D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {15815CCE-2E68-4A4B-8ED0-6AD5E94BAC83} - System32\Tasks\{7803C6BD-92C3-4B5B-99E9-1A5209316ABB} => C:\WINDOWS\system32\pcalua.exe -a C:\Disk1\SetupInf.exe -d C:\Disk1
Task: {24481923-1EED-4D3B-876B-07B2645889E6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {24A5BEAE-1A55-462F-B52A-354DDCBC6C89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2B3B9108-960A-421A-97E2-7407A4BCE671} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {326BC306-A3A1-419D-9124-C80D95107646} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {34CFA243-E8CD-425C-96C1-E796A6A9512D} - System32\Tasks\{2DE1EE99-2A38-4A11-861D-417768962693} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Justan\Downloads\sw5_6310_eu.exe -d C:\Users\Justan\Downloads
Task: {3A7DE5CB-BF99-44A6-84B5-42AFF56BA6D3} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {426E6058-B904-40BE-99BD-E4F6949955A9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-justangamble@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {46852035-E1DB-4501-A83E-046255DF4674} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {4786E486-C831-4968-AE88-A4C9659E7CA0} - System32\Tasks\Opera scheduled Autoupdate 1453140141 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {4FE674E7-013A-423D-BE1B-E062608CBA9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {5747520B-24D3-4401-BADA-4428CCAC3610} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6D1CB801-7280-44F6-8BB2-656CAD97564B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core1d092c24db813e6 => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {704C1EC7-BBBF-4146-B8FF-9A1B638DFE1B} - System32\Tasks\HPCeeScheduleForJustan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {708F0D04-BF35-46F3-986D-CA91CCD4A1D6} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DailyGatedCheck
Task: {708F0D04-BF35-46F3-986D-CA91CCD4A1D6} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(4): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {753E0CCC-1577-4C6E-A245-86EC3BC14EC3} - System32\Tasks\{00A1B890-5B0C-42E8-9421-A9E049D29142} => C:\windows\system32\pcalua.exe -a E:\mw2.EXE -d E:\
Task: {83C1C62B-2458-438D-96CE-79EDD911DB9D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-10-27] (Maxthon International ltd.)
Task: {8E7FB90E-34EB-41B0-9D84-F4D23B190D82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {96A3D2EC-B0D7-4AA0-9ECB-17738ECF18BD} - System32\Tasks\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {9A131AD0-9B19-42C6-8BE7-A4B51C2EFCC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A21DEAE4-825D-49DF-B611-45F87ADFF4D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {A41509D6-432A-4EDA-8B98-454015AEA482} - System32\Tasks\Google Update => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {A41D1065-0DF9-4B5C-B3F0-6865C31D8E47} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {A529408F-BE49-433F-A3D4-1402C7255BBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001UA => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {AAB0032C-578A-41CD-BB5A-DFEEEF9B93DD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {B164A272-1E40-4405-A3CD-D57018539607} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {B5A46F33-C056-46BF-ACD3-098C945B6C12} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-10-20] (AVG Technologies CZ, s.r.o.)
Task: {B74C126A-DC5F-44BC-A8F5-D190C77383AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {BE4801EA-D33A-4B36-B595-A7F3855A4935} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {C72CC742-7390-4958-8ADD-7FA7FA515E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {CA7CB07A-E06F-432B-A427-90E41798B785} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {CE202A4C-F704-418D-B297-377CBB29752E} - \ReviverSoft Start Menu Reviver Run once task -> No File <==== ATTENTION
Task: {D22AF097-63FE-40CE-8F80-96F32449AAF7} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E088B591-8874-4421-A26C-F4A0D01EA207} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {E191D3CB-BDF6-4988-93D3-FA087E09C223} - System32\Tasks\{279CABD2-9632-4A1A-A0B2-E4CA2BDB4B9E} => C:\windows\system32\pcalua.exe -a C:\Users\Justan\Downloads\iDraw332eng.exe -d C:\Users\Justan\Downloads
Task: {E6BE597D-6E9F-485E-B990-ECB619ED17CA} - \Dregol sefi -> No File <==== ATTENTION
Task: {E7B17C20-3E7F-4B6F-8C22-CAA8642A1340} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {EBB254BE-9615-474C-8D98-3B0F3B94A50F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-09-05] (Microsoft Corporation)
Task: {EEFCB027-8267-4191-8383-47F923CA691D} - \ReviverSoft Start Menu Run once task -> No File <==== ATTENTION
Task: {F2C8E225-A936-4B6D-AA58-E03A24C16AED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1878577048-805392268-2015328708-1001Core.job => C:\Users\Justan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJustan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-29 02:00 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-03-19 03:06 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\123simsen.com -> www.123simsen.com
 
There are 7864 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2016-01-15 23:41 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justan\Documents\Fly Crazy\fp_cover_00.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: CouponPrinterService => 2
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\StartupApproved\StartupFolder: => "XFINITY WiFi.lnk"
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E098B76B-0AAE-4DF5-B3A0-E3ED35F95111}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{C5650F8F-8776-4FD8-B7BF-C33131F2E861}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\gamemaker_studio\GameMakerPlayer.exe
FirewallRules: [{5C98DF12-0920-4DA9-928B-47C807E8EBBC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B2DF1F28-8CEA-4DE6-B7D1-0472B99A87DE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{93DB9366-2DA4-4B90-BE7F-125CFEEFBFC4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3773AB94-B2B4-4396-8580-E1CF2AAA9D54}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{80B2681C-EAF1-4A84-A7C0-74B47201F1C6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A4486874-C6FF-4E38-A214-E6F5F81D3557}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E3568FC-0D57-45A0-8F25-CC125F48704B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2DBC4597-10D9-4953-B6FC-13459F34BC5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BD98BFB-C16C-4361-A3B5-557A70D5305E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CF35D530-0D2F-45FF-965E-B8E4717C5508}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{71A9D266-4217-41A1-B422-65DA2A606C08}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5B8F73FF-FD7C-4CB1-8480-EC05972DB046}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{396985C6-C824-45CC-96E5-32AB81BE8C4B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{26563B6E-D3A5-4692-835C-97ADE7B273D4}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [TCP Query User{9D7301C0-D0E5-49D8-B7A5-A013608961D9}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [{F128DA64-A2FB-465B-B00C-ECD84CC46B9F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{13BD7D25-D734-4845-B790-1C53350DA851}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B7EBACAA-13AB-415B-9A4B-699A47097F43}] => (Allow) C:\Users\Justan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0981BE8E-D071-4BFE-A453-82E64F43A479}] => (Allow) C:\Users\Justan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{03423F43-7796-4DCF-BA7C-988B901943C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{71B65BA9-380B-4BDB-B76E-EC94AC58BFFB}] => (Allow) LPort=1900
FirewallRules: [{B40900FB-846A-404D-8C77-88881F21AF5A}] => (Allow) LPort=2869
FirewallRules: [{EAEE18B0-B5EE-4E22-9F65-684B4410F991}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{484CA78C-8745-4ED5-8DD2-A4CBDACFB86B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BEE111E0-D38E-4D34-9E94-7D9D7D8BDD22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5F8DCDA-6C40-4301-B702-BADF15CAC373}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D718183-9FF2-4F16-B96F-7C97578E4F64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2B2F17-CCB7-45F1-A2D3-BDE4BBAE6354}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6135AB06-7FBF-4DDB-BFA6-3C142639B2F4}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{00C773EC-18E3-46A1-A9F6-63A638E10A59}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F67C1C10-6395-43BD-8A20-3703779EB883}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{B1AC7CFA-4F14-4160-86D7-5C65A238FD4E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4EA0F5EC-1311-48BD-B256-0C04C1B09077}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D23258D4-BF2C-4DBA-8291-DDEDD4FB78C0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF0B4843-077C-4EC1-AC13-06F545B2F2A1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FB74727E-DD60-4D49-947F-6087010EE658}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D63AFE2F-B49A-4EA8-802C-31C34EB90312}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1A44EA5D-C190-4FEF-8074-4375C772BE91}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{F2F0191F-DE94-41CB-937B-398291EFE14F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E17654C3-C95A-4E60-8A61-89A0FB4E3604}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89852FF6-3D1D-4BD6-9AB3-1BECF68895FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA73F706-23B5-4150-9981-6E8AB7D2E48E}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{F95EA994-2501-4861-9514-09CAF6EFF8A4}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{4425EDEF-FB4A-4C31-90AF-E20DCBE13B54}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{BE062748-75EA-4B84-93F4-6672478D770F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DD4F57FD-D341-4D98-85A8-FD47B216D564}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{DBA20A7E-25FF-474E-9B29-A587A17C806B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [TCP Query User{71A9A2B6-899A-473E-A539-3D554BE14512}C:\program files (x86)\sonetel\sonetel client\softphone.exe] => (Allow) C:\program files (x86)\sonetel\sonetel client\softphone.exe
FirewallRules: [UDP Query User{BC52EE9F-33DD-47BE-A1FA-C0411CEFBD53}C:\program files (x86)\sonetel\sonetel client\softphone.exe] => (Allow) C:\program files (x86)\sonetel\sonetel client\softphone.exe
FirewallRules: [{250B1017-72E8-417F-836E-2E0B8FA9E4FD}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [{FB6A2729-77AD-4125-B481-8152B5EE4C3B}] => (Allow) C:\Program Files (x86)\Zoiper\Zoiper.exe
FirewallRules: [TCP Query User{5AB6CC9F-E252-43D8-9A24-69E16D0E600B}C:\program files (x86)\zoiper\zoiper.exe] => (Block) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [UDP Query User{68C4018C-8798-41E6-9D9E-4EC8BE8DF11C}C:\program files (x86)\zoiper\zoiper.exe] => (Block) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{F6C3BCE1-2EC4-4CF8-B12D-3063EB4F5D38}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{BA54E2B4-84A7-4759-BA8C-18F206F945EB}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{E3E90FAF-2CC6-441E-AC20-95BC640EFFE0}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [TCP Query User{EB0DBAB7-FCDC-40F1-9F06-37F461A2E8F7}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{5253CB4E-E064-4C46-9CFF-E886E814A2E7}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [TCP Query User{AFCEA62E-DA9D-414E-9CEF-074475DFAEFC}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{909065C6-9C69-41A5-B0A5-ABCDBDBABE58}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{B8EE3AFD-632D-4CD5-8B35-8640E3F4C1E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{896A8C82-7D30-4E94-A872-0036F730B96D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C246A1D8-5C34-4234-83EC-C1C886B6A39F}] => (Allow) LPort=8298
FirewallRules: [{E03FA82E-F6A4-4DF5-9C9F-4EACF55D268F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{201959E1-E351-4578-92B0-5486E8AE4CB2}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{A01BC982-D5F8-4923-BDA8-90866947DB85}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B53797A0-B07F-4623-ABC3-FE89E81F2C69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{70F49592-2682-4A94-BE77-FFD2ACA3B98B}] => (Allow) C:\Program Files (x86)\Alawar\House of 1000 Doors Family Secret\F2PHttpDaemon.exe
FirewallRules: [{063B47F4-7321-4564-B4F3-234CAA54E418}] => (Allow) C:\Users\Justan\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{5105CEB2-003D-40C4-AFDB-DF0B203D621D}] => (Allow) C:\Users\Justan\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [TCP Query User{9FEE4BC7-825A-494C-980C-DA26258AC5AC}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D48A66CA-3932-4682-BE79-D4125015DA47}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{9DAC00A0-C134-4ED5-BABC-B0C1088D0FDE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8388E917-44BD-4D64-AE04-49C6C91EAAA7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{B5F1A445-67D5-4D8F-BC67-563C139069D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E4042D43-9B71-4E0D-9F83-13DF808B4DCD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5990CD9A-60E7-4512-9FB5-2DC9B508017E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3F3A5FA9-B69D-42D4-8A02-E027017AF242}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{30AD8C75-FDB4-47B7-ACE0-66477310157B}C:\users\justan\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\justan\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [UDP Query User{F5114072-0A50-4E6D-8229-7F72F32A61BB}C:\users\justan\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\justan\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{67B9B656-87E3-4BA4-BAE5-056294CA4334}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{0A2CF49E-F21E-47D2-A22B-3F2C6C96BFAD}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{16422B8E-8F2E-4F9E-AC6A-C6BAAC3196CC}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{11CBF8B9-3B2A-4643-9981-87CB28DA010C}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{DD48A2F3-0422-4B5C-9638-0C6165EAC534}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clickteam Fusion 2.5\mmf2u.exe
FirewallRules: [{F784A62C-7608-4622-A674-4EFF89E30E91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clickteam Fusion 2.5\mmf2u.exe
FirewallRules: [TCP Query User{381F9794-EA0B-42E2-93B1-7277E57B7BD1}C:\users\justan\downloads\yabause-0.9.13-win64\yabause-0.9.13-win64\yabause.exe] => (Allow) C:\users\justan\downloads\yabause-0.9.13-win64\yabause-0.9.13-win64\yabause.exe
FirewallRules: [UDP Query User{6FCCA6D8-B1A0-4D03-BCA8-80728A2CD11A}C:\users\justan\downloads\yabause-0.9.13-win64\yabause-0.9.13-win64\yabause.exe] => (Allow) C:\users\justan\downloads\yabause-0.9.13-win64\yabause-0.9.13-win64\yabause.exe
FirewallRules: [TCP Query User{8B99E9EF-E00F-4C47-8090-5DB85AD4C725}C:\program files (x86)\yabause 0.9.14\yabause.exe] => (Allow) C:\program files (x86)\yabause 0.9.14\yabause.exe
FirewallRules: [UDP Query User{1532708B-6D8F-44CA-87E9-215222AEC12C}C:\program files (x86)\yabause 0.9.14\yabause.exe] => (Allow) C:\program files (x86)\yabause 0.9.14\yabause.exe
FirewallRules: [{AD2EF26F-F338-4F64-A1FB-9E852466A070}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1461382A-71C6-4E0A-84F6-FE21F6053EFF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{2B37DBC9-9719-448B-B8D0-4C1E943A3EF5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C078F090-5701-4D60-875D-913FE5E8D0B0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{62384285-3547-43E7-B8B0-FB4A1B739CD5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{85DEBE31-20B0-4523-BF8A-9A604B63005D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{D5FADBCC-B2E9-45BE-84D5-1D0ACB64F05A}C:\program files (x86)\njstar communicator\minismtp.exe] => (Block) C:\program files (x86)\njstar communicator\minismtp.exe
FirewallRules: [UDP Query User{56138EBC-C1C2-48F3-A52C-AB1CAA2F9720}C:\program files (x86)\njstar communicator\minismtp.exe] => (Block) C:\program files (x86)\njstar communicator\minismtp.exe
FirewallRules: [{9627ED17-1594-4F0E-9BD8-663E21F061B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BB10FADB-E92E-48BB-A550-23BEFB67BA94}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{1E7F9BB3-8204-41C6-8096-F4FDEAFF3473}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{0FD4C2E0-1B20-4BBC-A70B-6D6FAAF73DBF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{4ED656AB-EC39-49CA-9873-EC6E541E26B2}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{F583B267-B0CD-4DF1-8C5B-1919B6093BCD}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{DFE0FD69-3E86-464C-BB39-BC616DCB0B82}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{A6D47002-CB22-4714-83E3-CDB335545DDA}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{DAF26460-651D-4020-A66F-5DD4552645FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Aseprite\Aseprite.exe
FirewallRules: [{EA69F6DC-5A66-4F88-852E-1315388EF543}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Aseprite\Aseprite.exe
FirewallRules: [{616C91F4-10AD-485D-9439-B929A4BC08D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{E4DE198D-684C-4FCF-9EEE-23B8DFE7C4E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{761C9759-6B19-4D20-BA16-0985A6F9FE42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{C2A48CA8-CBFF-4037-BA8F-FEBFC645E448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [TCP Query User{3266CB13-CF91-40A3-9B31-05DFCB3D75BB}C:\users\justan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\justan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F1BB17D9-96A0-4B90-8E0E-8AC29C3D3EC0}C:\users\justan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\justan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{23DBB421-CB6C-4912-B061-79BFE61CD041}C:\users\justan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\justan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A306FCAC-07C2-4938-A746-D8E6F085D11B}C:\users\justan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\justan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{3D88F786-4432-4619-B92D-4B431452D25E}] => (Allow) LPort=50248
FirewallRules: [{24548E81-C9F4-4FF4-A9A4-7F632DCE52DA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C432C7D8-EE68-4BFE-A90C-EFC6020A3D5B}] => (Allow) C:\Program Files (x86)\VueScan\vuescan.exe
FirewallRules: [{0BC9468E-99D5-4471-8425-435190C29C48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{E2A73860-DFCB-4294-99F0-97AF57A0A96A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{CD07E98A-258C-4EB2-8CFC-D8E687017B07}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.50\opera.exe
FirewallRules: [{A0B7EEA1-4B10-421F-951C-919DE5C6873F}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{C040E8E5-BFB2-4DE6-B174-A5E5D8C0BDDF}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{462AF59D-E4E8-4AC1-81C9-AEC6671B7810}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe
 
==================== Restore Points =========================
 
23-10-2017 05:39:58 Scheduled Checkpoint
27-10-2017 00:20:44 Python 3.6.3 (64-bit)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/30/2017 07:45:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (10/30/2017 07:42:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: a2service.exe, version: 2017.9.0.8006, time stamp: 0x59ce1f57
Faulting module name: a2core.dll_unloaded, version: 10.0.0.244, time stamp: 0x599d8cd8
Exception code: 0xc0000005
Fault offset: 0x0000000000006ccf
Faulting process id: 0x3fc
Faulting application start time: 0x01d351d88ebc118a
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Faulting module path: a2core.dll
Report Id: fd1c1ea6-bdcb-11e7-8010-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x338
Faulting application start time: 0x01d351d8155347f9
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 53095d5e-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x13d0
Faulting application start time: 0x01d351d815344911
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 52ea5e70-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x1744
Faulting application start time: 0x01d351d8149bb0a2
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 52568aca-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x1a98
Faulting application start time: 0x01d351d8147f1428
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 5232c719-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0xd4c
Faulting application start time: 0x01d351d813fbf127
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 51afa415-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x9ac
Faulting application start time: 0x01d351d813da8fe0
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 5190a521-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x1488
Faulting application start time: 0x01d351d812f0e695
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 50a4996a-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/30/2017 07:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17787, time stamp: 0x551b7247
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000012ba9a
Faulting process id: 0x191c
Faulting application start time: 0x01d351d8125f754d
Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe
Faulting module path: unknown
Report Id: 5017ecfb-bdcb-11e7-800e-8851fb60267a
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/30/2017 07:55:05 PM) (Source: DCOM) (EventID: 10005) (User: GM0310)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/30/2017 07:54:45 PM) (Source: DCOM) (EventID: 10005) (User: GM0310)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/30/2017 07:53:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:53:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:53:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:51:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:51:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:51:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/30/2017 07:50:23 PM) (Source: DCOM) (EventID: 10005) (User: GM0310)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/30/2017 07:50:23 PM) (Source: DCOM) (EventID: 10005) (User: GM0310)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-10-30 19:32:26.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-10-30 19:27:51.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 04:32:14.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 04:02:50.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 03:55:58.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 03:35:54.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 03:02:43.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 02:41:13.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 02:29:02.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-30 02:08:56.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 8076.85 MB
Available physical RAM: 6502.62 MB
Total Virtual: 12655.85 MB
Available Virtual: 11353.27 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:911.67 GB) (Free:558.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.93 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FROZEN) (CDROM) (Total:7.27 GB) (Free:0 GB) UDF
Drive f: (HDWD120) (Fixed) (Total:1862.89 GB) (Free:1184.76 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:211.42 GB) NTFS
Drive i: () (Removable) (Total:57.7 GB) (Free:54.89 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA95A219)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: D59F1579)
Partition 1: (Not Active) - (Size=90 MB) - (Type=EF)
Partition 2: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 57.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:29 PM

Posted 31 October 2017 - 01:43 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
 
 
Remove he following program:
 
Wajam
  • Highlight the entire content of the quote box below.

Start::
S3 cpuz138; \??\C:\Users\Justan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
C:\Users\Justan\AppData\Local\Temp\cpuz138
FirewallRules: [{71B65BA9-380B-4BDB-B76E-EC94AC58BFFB}] => (Allow) LPort=1900
FirewallRules: [{B40900FB-846A-404D-8C77-88881F21AF5A}] => (Allow) LPort=2869
FirewallRules: [{C246A1D8-5C34-4234-83EC-C1C886B6A39F}] => (Allow) LPort=8298
FirewallRules: [{3D88F786-4432-4619-B92D-4B431452D25E}] => (Allow) LPort=50248
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION
Task: {96A3D2EC-B0D7-4AA0-9ECB-17738ECF18BD} - System32\Tasks\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {CE202A4C-F704-418D-B297-377CBB29752E} - \ReviverSoft Start Menu Reviver Run once task -> No File <==== ATTENTION
Task: {E6BE597D-6E9F-485E-B990-ECB619ED17CA} - \Dregol sefi -> No File <==== ATTENTION
Task: {EEFCB027-8267-4191-8383-47F923CA691D} - \ReviverSoft Start Menu Run once task -> No File <==== ATTENTION
Toolbar: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {CE202A4C-F704-418D-B297-377CBB29752E} - \ReviverSoft Start Menu Reviver Run once task -> No File <==== ATTENTION
Task: {E6BE597D-6E9F-485E-B990-ECB619ED17CA} - \Dregol sefi -> No File <==== ATTENTION
Task: {EEFCB027-8267-4191-8383-47F923CA691D} - \ReviverSoft Start Menu Run once task -> No File <==== ATTENTION
2015-08-05 12:05 - 2013-06-04 13:30 - 000050432 ____R () C:\Users\Justan\AppData\Local\Temp\Extract.exe
2017-10-23 10:05 - 2017-10-23 10:05 - 001856576 _____ (Oracle Corporation) C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-07 15:58 - 2017-10-07 15:58 - 000089576 _____ () C:\Users\Justan\AppData\Local\Temp\vsdel.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
C:\ProgramData\StartMenuReviver.exe
2015-08-05 12:05 - 2013-06-04 13:30 - 000050432 ____R () C:\Users\Justan\AppData\Local\Temp\Extract.exe
2017-10-23 10:05 - 2017-10-23 10:05 - 001856576 _____ (Oracle Corporation) C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-07 15:58 - 2017-10-07 15:58 - 000089576 _____ () C:\Users\Justan\AppData\Local\Temp\vsdel.exe
CMD: BCDEDIT /ENUM ALL
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\Select"
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" /s /v Start
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 31 October 2017 - 02:08 PM

Hi JSntgRvr

 

I have to to break this log up, as I got a notification that my post was too long. I hope this is okay. Here is the first half:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Justan (31-10-2017 14:52:36) Run:3
Running from G:\
Loaded Profiles: Justan (Available Profiles: Justan & Natalie & Games & Kids)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
S3 cpuz138; \??\C:\Users\Justan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
C:\Users\Justan\AppData\Local\Temp\cpuz138
FirewallRules: [{71B65BA9-380B-4BDB-B76E-EC94AC58BFFB}] => (Allow) LPort=1900
FirewallRules: [{B40900FB-846A-404D-8C77-88881F21AF5A}] => (Allow) LPort=2869
FirewallRules: [{C246A1D8-5C34-4234-83EC-C1C886B6A39F}] => (Allow) LPort=8298
FirewallRules: [{3D88F786-4432-4619-B92D-4B431452D25E}] => (Allow) LPort=50248
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION
Task: {96A3D2EC-B0D7-4AA0-9ECB-17738ECF18BD} - System32\Tasks\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {CE202A4C-F704-418D-B297-377CBB29752E} - \ReviverSoft Start Menu Reviver Run once task -> No File <==== ATTENTION
Task: {E6BE597D-6E9F-485E-B990-ECB619ED17CA} - \Dregol sefi -> No File <==== ATTENTION
Task: {EEFCB027-8267-4191-8383-47F923CA691D} - \ReviverSoft Start Menu Run once task -> No File <==== ATTENTION
Toolbar: HKU\S-1-5-21-1878577048-805392268-2015328708-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Justan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {CE202A4C-F704-418D-B297-377CBB29752E} - \ReviverSoft Start Menu Reviver Run once task -> No File <==== ATTENTION
Task: {E6BE597D-6E9F-485E-B990-ECB619ED17CA} - \Dregol sefi -> No File <==== ATTENTION
Task: {EEFCB027-8267-4191-8383-47F923CA691D} - \ReviverSoft Start Menu Run once task -> No File <==== ATTENTION
2015-08-05 12:05 - 2013-06-04 13:30 - 000050432 ____R () C:\Users\Justan\AppData\Local\Temp\Extract.exe
2017-10-23 10:05 - 2017-10-23 10:05 - 001856576 _____ (Oracle Corporation) C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-07 15:58 - 2017-10-07 15:58 - 000089576 _____ () C:\Users\Justan\AppData\Local\Temp\vsdel.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
C:\ProgramData\StartMenuReviver.exe
2015-08-05 12:05 - 2013-06-04 13:30 - 000050432 ____R () C:\Users\Justan\AppData\Local\Temp\Extract.exe
2017-10-23 10:05 - 2017-10-23 10:05 - 001856576 _____ (Oracle Corporation) C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-07 15:58 - 2017-10-07 15:58 - 000089576 _____ () C:\Users\Justan\AppData\Local\Temp\vsdel.exe
CMD: BCDEDIT /ENUM ALL
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\Select"
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" /s /v Start
Reg: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:


#4 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 31 October 2017 - 02:20 PM

It seems I'll have to break this into multiple parts, in order to fit:

 

 

 
*****************
 
cpuz138 => service not found.
"C:\Users\Justan\AppData\Local\Temp\cpuz138" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71B65BA9-380B-4BDB-B76E-EC94AC58BFFB} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B40900FB-846A-404D-8C77-88881F21AF5A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C246A1D8-5C34-4234-83EC-C1C886B6A39F} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D88F786-4432-4619-B92D-4B431452D25E} => value not found.
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96A3D2EC-B0D7-4AA0-9ECB-17738ECF18BD} => key not found. 
C:\WINDOWS\System32\Tasks\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{17B577E0-AB93-4010-9B10-853F2CD74B9F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE202A4C-F704-418D-B297-377CBB29752E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Reviver Run once task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6BE597D-6E9F-485E-B990-ECB619ED17CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol sefi => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEFCB027-8267-4191-8383-47F923CA691D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Run once task => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key not found. 
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE202A4C-F704-418D-B297-377CBB29752E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Reviver Run once task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6BE597D-6E9F-485E-B990-ECB619ED17CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol sefi => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEFCB027-8267-4191-8383-47F923CA691D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Run once task => key not found. 
"C:\Users\Justan\AppData\Local\Temp\Extract.exe" => not found.
"C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe" => not found.
"C:\Users\Justan\AppData\Local\Temp\vsdel.exe" => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => key not found. 
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Classes\.scr => key not found. 
"C:\ProgramData\StartMenuReviver.exe" => not found.
"C:\Users\Justan\AppData\Local\Temp\Extract.exe" => not found.
"C:\Users\Justan\AppData\Local\Temp\jre-8u151-windows-au.exe" => not found.
"C:\Users\Justan\AppData\Local\Temp\vsdel.exe" => not found.
 
========= BCDEDIT /ENUM ALL =========


#5 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 31 October 2017 - 02:21 PM

Finally:
 
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {962717b5-b136-11e2-9dc2-8851fb60267a}
                        {962717b6-b136-11e2-9dc2-8851fb60267a}
                        {962717bc-b136-11e2-9dc2-8851fb60267a}
                        {31fe8adf-b12f-11e2-be6e-806e6f6e6963}
                        {962717ba-b136-11e2-9dc2-8851fb60267a}
                        {962717bb-b136-11e2-9dc2-8851fb60267a}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {80bb20b9-5089-11e3-be6f-8851fb60267a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {31fe8adf-b12f-11e2-be6e-806e6f6e6963}
description             UEFI: IPv6 Realtek PCIe GBE Family Controller
 
Firmware Application (101fffff)
-------------------------------
identifier              {962717b5-b136-11e2-9dc2-8851fb60267a}
description             USB Floppy/CD
 
Firmware Application (101fffff)
-------------------------------
identifier              {962717b6-b136-11e2-9dc2-8851fb60267a}
description             USB Hard Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {962717ba-b136-11e2-9dc2-8851fb60267a}
description             USB Floppy/CD
 
Firmware Application (101fffff)
-------------------------------
identifier              {962717bb-b136-11e2-9dc2-8851fb60267a}
description             Hard Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {962717bc-b136-11e2-9dc2-8851fb60267a}
description             UEFI: IPv4 Realtek PCIe GBE Family Controller
 
Windows Boot Loader
-------------------
identifier              {80bb20b6-5089-11e3-be6f-8851fb60267a}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{80bb20b7-5089-11e3-be6f-8851fb60267a}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{80bb20b7-5089-11e3-be6f-8851fb60267a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {80bb20bb-5089-11e3-be6f-8851fb60267a}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {80bb20b9-5089-11e3-be6f-8851fb60267a}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {80bb20bb-5089-11e3-be6f-8851fb60267a}
device                  ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{80bb20bc-5089-11e3-be6f-8851fb60267a}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{80bb20bc-5089-11e3-be6f-8851fb60267a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {80bb20b9-5089-11e3-be6f-8851fb60267a}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {80bb20bb-5089-11e3-be6f-8851fb60267a}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {962717bd-b136-11e2-9dc2-8851fb60267a}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {80bb20b6-5089-11e3-be6f-8851fb60267a}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {80bb20b7-5089-11e3-be6f-8851fb60267a}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {80bb20b8-5089-11e3-be6f-8851fb60267a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {80bb20bc-5089-11e3-be6f-8851fb60267a}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume7
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
========= End of CMD: =========
 
 
========================= Folder: C:\Windows\System32\Drivers ========================
 
2013-11-18 15:49 - 2013-11-18 15:49 - 000000000 _RASH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\103C_HP_cPC_500-023w_Y53316J_0U_Q4CE319093D_E13AM2RR8604_4A_I2ADA_SFoxconn_V1.00_B8.15_T130205_W8101-0_L409_M8077_J1000_7Intel_86A9_93.40_#130419_N10EC8168;168C0032_Z_G80860152_Ohp DVD A DH16ACSHR_DHWP3086.MRK
2013-08-22 07:38 - 2013-08-22 07:38 - 000231424 ___AC [E1832BD9FD7E0FC2DC9FA5935DE3E8C1] (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000108896 ____A [AD508A1A46EC21B740AB31C28EFDFDB1] (LSI) C:\Windows\System32\Drivers\3ware.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000533824 ___AC [E796AE43DDD1844281DB4D57294D17C0] (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2013-08-22 07:37 - 2013-08-22 08:49 - 000079712 ____A [AC8279D229398BCF05C3154ADCA86813] (Microsoft Corporation) C:\Windows\System32\Drivers\acpiex.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000010240 ___AC [A8970D9BF23CD309E0403978A1B58F3F] (Microsoft Corporation) C:\Windows\System32\Drivers\acpipagr.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000012288 ___AC [111A89C99C5B4F1A7BCE5F643DD86F65] (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000010752 ___AC [5758387D68A20AE7D3245011B07E36E7] (Microsoft Corporation) C:\Windows\System32\Drivers\acpitime.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000782176 ____A [7C1FDF1B48298CBA7CE4BDD4978951AD] (PMC-Sierra) C:\Windows\System32\Drivers\adp80xx.sys
2017-02-01 23:28 - 2015-10-13 13:10 - 000559616 ____A [A460C3AF3755A2A79A3C8EFE72E147B5] (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2017-02-01 23:19 - 2016-07-07 18:32 - 000095744 ____A [D5ECE7E7F349EB3C4B152AFF3577280D] (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000062304 ___AC [7DFAEBA9AD62D20102B576D5CAC45EC8] (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys
2015-07-22 15:14 - 2015-03-19 21:56 - 000080384 ____A [FE14D249D39368CA62D8DA6BC94AC694] (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2013-08-22 04:46 - 2013-08-22 04:46 - 000095744 ___AC [7589DE749DB6F71A68489DCE04158729] (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2013-08-22 04:46 - 2013-08-22 04:46 - 000098816 ___AC [B46D2D89AFF8A9490FA8C98C7A5616E3] (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000079200 ____A [D2BF2F94A47D332814910FD47C6BBCD2] (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000259424 ____A [A8E04943C7BBA7219AA50400272C3C6E] (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000025952 ____A [CEA5F4F27CFC08E3A44D576811B35F50] (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000082944 ____A [415DD71628795197F7AFC176CBADC74E] (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000114016 ____A [65045784366F7EC5FB4E71BCF923187B] (PMC-Sierra, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000026624 ____A [3DB7721F06BC2FEDB25029EA23AB27DA] (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000026464 ___AC [74B14192CF79A72F7536B27CB8814FBD] (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000199520 ___AC [38E1F4E0148A24C65D215F14D57B0711] (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-04-19 13:00 - 2013-05-17 00:49 - 003847168 ____A [1BBC9DC016F64B5031A35BBD0C037761] (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athw8x.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000166624 ____A [281F272D964F0540458C7461E679DDEC] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbdiska.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000314640 ____A [CA9D9932A597ACC6EE931FAB854A88F9] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbidsdrivera.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000192584 ____A [A1651522600E7F3CAC76D1E8ED19F062] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbidsha.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000336896 ____A [A2E7E80A6FC50936C462433755CFCF4B] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbloga.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000051336 ____A [347E82D80CCD856E70AD30F65E0005DF] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbuniva.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000039424 ____A [FB38E4E23F4BAAED94DCECD385100F57] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgHwid.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000140192 ____A [66CD7BE57D936EC0E6FE5D6EFA3F27D0] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgMonFlt.sys
2017-04-06 00:11 - 2017-07-19 17:55 - 000139112 ____A [96EEB2B224654ABC4D77AAF965389A8B] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmonflt.sys.150050139442101
2017-04-06 00:11 - 2017-10-20 04:28 - 000102792 ____A [3439B9FE6E2665F94C36C7D375F9ECE8] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgRdr2.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000076832 ____A [4CA84A3A5FB1C89CA119609C3EC1CEEE] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgRvrt.sys
2017-04-06 00:11 - 2017-10-26 16:29 - 001022288 ____A [09882028D20A3FA880B9F2ACF2FE4EA1] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgsnx.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000579584 ____A [6575A751293B76631E5807191D8C9816] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgSP.sys
2017-04-06 00:11 - 2017-10-20 04:28 - 000193768 ____A [D4FD2D0EFE561E23648EBF2A4EA4C1FC] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgStm.sys
2017-04-06 00:11 - 2017-05-14 13:16 - 000159496 ____A [97DF7BC580FE76FBC0F125DCAC7015D5] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgstm.sys.149478219290601
2017-04-06 00:11 - 2017-10-20 04:28 - 000355856 ____A [341BFF7498CD49FA2A686F4C1230E256] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgVmm.sys
2017-04-06 00:11 - 2017-07-03 13:44 - 000353232 ____A [5838281153BBB402393E99E2189FD1E2] (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgvmm.sys.149910389500004
2013-08-22 07:39 - 2013-08-22 07:39 - 000050688 ___AC [8CC7F7E4AFCBA605921B137ED7992C68] (Microsoft Corporation) C:\Windows\System32\Drivers\BasicDisplay.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000033280 ___AC [38A82F4EE8C416A6744B6D30381ED768] (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2013-08-22 07:40 - 2013-08-22 08:49 - 000035168 ___AC [99387C515F80270F097F6DD9B5315649] (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2013-08-22 02:57 - 2013-08-12 19:25 - 000017624 ____A [C1ABB0F7E3BEA48A0417BDF6FF14AB21] (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\bcmfn2.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000007680 ____A [EC19013E4CF87609534165DF897274D6] (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2017-02-01 23:24 - 2016-10-04 16:39 - 000101376 ____A [4938A9236300A356F97E378491EE4844] (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000115712 ____A [F3C060444777A59FC63D920719E43CCD] (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000019456 ___AC [1C89EF529DB7DCA98E801EFDCC8437DE] (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000036992 ___AC [A8F23D453A424FF4DE04989C4727ECC7] (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2015-07-22 15:16 - 2015-03-08 22:02 - 000057856 ___AC [272A62B660A48AEF366F8A1836CED19F] (Microsoft Corporation) C:\Windows\System32\Drivers\bthhfenum.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000030720 ___AC [71FE2A48E4C93DDB9798C024880B6C07] (Microsoft Corporation) C:\Windows\System32\Drivers\BthhfHid.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000064000 ___AC [EF4B9E7C9AD88C00C18A12B0D22D1894] (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000531296 ____A [A4A73F631FE2AA2826FBE4A399B04DEF] (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000088576 ____A [2FA6510E33F7DEFEC03658B74101A9B9] (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2013-08-22 04:46 - 2013-08-22 04:46 - 000164352 ___AC [C6796EA22B513E3457514D92DCDB1A3D] (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000044032 ___AC [BE9936EDD3267FAAFF94A7835867F00B] (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2017-02-01 23:14 - 2016-05-06 17:59 - 000331608 ____A [F9ED4FFE6EBAC59F564323848974C3B4] (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2017-02-01 23:24 - 2016-11-16 17:49 - 000377176 ____A [9DA497AEAF35AA7BF7710132FC2A9906] (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2013-04-19 13:05 - 2012-06-25 13:24 - 000092536 ____A [075CCE75090786F124573A788C8656E6] (CyberLink) C:\Windows\System32\Drivers\CLVirtualDrive.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000025472 ___AC [EF6EF85DADC3184A10D8F2F7159973CB] (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2017-02-01 23:24 - 2016-10-10 14:18 - 000022360 ____A [53517BC5BC4DD8B1FC860300A193E992] (Microsoft Corporation) C:\Windows\System32\Drivers\cmimcext.sys
2017-02-01 23:24 - 2016-11-19 17:24 - 000567152 ____A [EFC79D3224D19FD926FFEA0A24729FEF] (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000036352 ___AC [03AAED827C36F35D70900558B8274905] (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000043008 ____A [A1FF7DFBFBE164CF92603C651D304DD2] (Microsoft Corporation) C:\Windows\System32\Drivers\condrv.sys
2013-04-19 13:02 - 2012-05-29 18:53 - 000027456 ____A [2285B31039611D509F6120D691CA661F] (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\cpqdfw.sys
2013-08-22 07:40 - 2013-08-22 08:43 - 000068960 ____A [FA47B0AA255B7CF4519E995C6404AE22] (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-08-22 07:39 - 2013-08-22 08:50 - 000057696 ____A [315BA4BC19316D72B2E037534E048B93] (Microsoft Corporation) C:\Windows\System32\Drivers\dam.sys
2017-02-01 23:25 - 2016-09-08 10:00 - 000138240 ____A [FBFF94FC1FE0699A6BC5ACE270AB9EA1] (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2017-02-01 23:25 - 2016-01-20 18:40 - 000099672 ___AC [8B1E62881D5AC68E673CD94B136B34AC] (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2013-08-22 07:40 - 2013-08-22 08:43 - 000036192 ____A [224C2CB37497472C345CB2A02DF11363] (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000013312 ____A [407B4FC1AEE5C19AC2ED7118CBB271E9] (Microsoft Corporation) C:\Windows\System32\Drivers\Dmpusbstor.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000029696 ____A [EB70A894708D1BC176AFD690FF06085F] (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000089088 ___AC [F00B189ECA74DDF408AD934ADDC72477] (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000014528 ___AC [00C594D5A1DBD22AD8B2902B9F6EFF94] (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2013-08-22 07:39 - 2013-08-22 08:39 - 000033632 ____A [05F5C162881BE293956C60456EDB0092] (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2017-02-01 23:14 - 2016-06-18 16:06 - 000072408 ____A [C5196B53CA2F8FC637D20DEC386CFBE2] (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2015-07-22 15:10 - 2015-03-13 00:03 - 000154432 ___AC [95E295FD19F80B3AD33629B5AEFEC9C7] (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2017-02-01 23:15 - 2016-04-10 01:37 - 001549144 ____A [F74B839FA0F4E6060CA1DA6B8DA17941] (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000389952 ____A [982B9495F70FEEA269C48F18E960EFDE] (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-08-22 07:38 - 2013-08-22 08:43 - 000082784 ____A [43531A5993380CC5113242C29D265FD9] (Microsoft Corporation) C:\Windows\System32\Drivers\EhStorClass.sys
2013-08-22 07:37 - 2013-08-22 08:43 - 000114016 ___AC [6F8E738A9505A388B1157FDDE7B3101B] (Microsoft Corporation) C:\Windows\System32\Drivers\EhStorTcgDrv.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000010240 ___AC [DFFFAE1442BA4076E18EED5E406FA0D3] (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 003357024 ____A [114BCFDF367FF37C3F1B0A96AF542E4D] (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000200704 ____A [7729D294A555C7AEB281ED8E4D0E01E4] (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys
2013-08-22 07:40 - 2013-08-22 08:49 - 000217952 ____A [7C4E0D5900B2A1D11EDD626D6DDB937B] (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000030720 ___AC [5D8402613E778B3BD45E687A8372710B] (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000079192 ____A [BCFD8B149B3ADF92D0DB1E909CAF0265] (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000034816 ____A [A1A66C4FDAFD6B0289523232AFB7D8AF] (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000025088 ___AC [BE743083CF7063C486A4398E3AEFE59A] (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000354112 ____A [C1FB505A73FA2E9019D32444AB33B75A] (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000030048 ____A [09F460AFEDCA03F3BF6E07D1CCC9AC42] (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000061248 ____A [A7C31B168F371E8E6796219F23E354DB] (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2017-02-01 23:14 - 2016-06-18 16:06 - 000590688 ____A [D4AB6EE3D715BC44C00277FD934FAACF] (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2017-02-01 23:15 - 2015-06-11 16:12 - 000428888 ____A [25991A1635AF725E9DC840A6A36824EC] (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-08-22 04:46 - 2013-08-22 04:46 - 000027136 ___AC [9591D0B9351ED489EAFD9D1CE52A8015] (Microsoft Corporation) C:\Windows\System32\Drivers\fxppm.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000065888 ____A [FC3EF65EE20D39F8749C2218DBA681CA] (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS
2013-08-22 03:51 - 2013-06-18 10:41 - 003440660 ____A [7F29903CB8F5590D52DB0C9F97049A25] () C:\Windows\System32\Drivers\gm.dls
2013-08-22 03:51 - 2013-06-18 10:41 - 000000646 ____A [7111BFA692A22E4B3C07F1E6C6FF6F72] () C:\Windows\System32\Drivers\gmreadme.txt
2014-11-21 05:15 - 2014-11-21 05:15 - 000076800 ___AC [D4B7ED39C7900384D9E5C1283F1E7926] (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2012-07-18 04:46 - 2012-07-18 04:46 - 000062784 ____A [772A1DEEDFDBC244183B5C805D1B7D85] (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000026624 ___AC [10A70BC1871CD955D85CD88372724906] (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys
2015-07-22 15:13 - 2015-01-29 23:01 - 000097792 ___AC [42F88B57CAE42FC10059C887B3FCFCEA] (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2017-02-01 23:14 - 2016-05-13 19:08 - 000111616 ___AC [177D76B32D417537FAADFF90237A508B] (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000041472 ___AC [C241A8BAFBBFC90176EA0F5240EACC17] (Microsoft Corporation) C:\Windows\System32\Drivers\hidi2c.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000045568 ____A [9BDDEE26255421017E161CCB9D5EDA95] (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2017-02-01 23:14 - 2016-05-13 19:08 - 000032512 ___AC [24E6C1F418BACEE4E7D18266F48FF2EA] (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-02-01 23:14 - 2016-05-13 19:08 - 000032768 ___AC [49676FEC898AB2A11B157F848269A56E] (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000064352 ____A [A6AACEA4C785789BDA5912AD1FEDA80D] (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2017-02-01 23:24 - 2016-10-10 19:31 - 000990040 ____A [76A6FDA32A21515B67633497D8FDB1E4] (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 000223232 ____A [CB32F01890953A2FEE8FE01F289DF726] (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\hw_quusbmdm.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 000287232 ____A [FA354F5C71925DD7384858B593D0F274] (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\hw_quusbnet.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 000116864 ____A [7920776AB1C59BD6EC70424952CC5FD4] (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\hw_usbdev.sys
2013-08-22 07:40 - 2013-08-22 08:39 - 000024416 ____A [90656C0B3864804B090434EFC582404F] (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000013824 ____A [6D6F9E3BF0484967E52F7E846BFF1CA1] (Microsoft Corporation) C:\Windows\System32\Drivers\hyperkbd.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000022016 ____A [907C870F8C31F8DDD6F090857B46AB25] (Microsoft Corporation) C:\Windows\System32\Drivers\HyperVideo.sys
2015-07-22 15:13 - 2014-11-04 02:54 - 000108544 ___AC [49EE0AE9E5B64FFBBD06D55C4984B598] (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2013-08-22 02:57 - 2013-07-30 14:47 - 000024568 ____A [5D90E32E36CE5D4C535D17CE08AEAF05] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys
2013-08-22 02:57 - 2013-07-25 15:05 - 000099320 ____A [DD05E7E80F52ADE9AEB292819920F32C] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSSi_I2C.sys
2013-08-22 03:01 - 2013-08-09 20:39 - 000651248 ____A [08BFE413B0B4AA8DFA4B5684CE06D3DC] (Intel Corporation) C:\Windows\System32\Drivers\iaStorAV.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000412000 ____A [A2200C3033FA4EF249FC096A7A7D02A2] (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2013-10-21 15:53 - 2013-10-21 15:53 - 004187648 ____A [40E022751ECBBAEAB90C199F3B8358FC] (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2013-10-03 17:51 - 2013-10-03 17:44 - 000039320 ____A [4011430BC9DA46ADFAE9915EFEC312FB] (Intel Corporation) C:\Windows\System32\Drivers\intelaud.sys
2016-10-07 02:41 - 2016-09-14 14:14 - 000093176 ____A [D8A1193FD8E1081DE78AE17280B6556B] (Intel Corporation) C:\Windows\System32\Drivers\IntelHaxm.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000018272 ____A [4E448FCFFD00E8D657CD9E48D3E47157] (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2013-04-19 13:00 - 2012-07-18 04:47 - 000015168 ____A [4FC11063BF0125B4D55D4C50610800C9] (Intel Corporation) C:\Windows\System32\Drivers\IntelMEFWVer.dll
2014-11-21 05:15 - 2014-11-21 05:15 - 000039744 ___AC [A770340FC02B999EF0DE6C2A6BC8437C] (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2013-08-22 04:46 - 2013-08-22 04:46 - 000098816 ___AC [47E74A8E53C7C24DCE38311E1451C1D9] (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2013-08-22 07:35 - 2013-08-22 07:35 - 000084992 ____A [9DB76D7F9E4E53EFE5DD8C53DE837514] (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2017-02-01 23:26 - 2016-02-03 11:14 - 000080896 ____A [C800DCD904016B2BF6AB541083770A3A] (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000142848 ____A [B7342B3C58E91107F6E946A93D9D4EFD] (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000118784 ____A [D826F4874A372FAE2F42478E0975EA02] (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000017920 ____A [AE44C526AB5F8A487D941CEB57B10C97] (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2013-08-22 07:40 - 2013-08-22 08:43 - 000021856 ___AC [8AFEEA3955AA43616A60F133B1D25F21] (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2013-10-03 17:51 - 2013-10-03 17:44 - 000027032 ____A [EE03564B7FAFE2E44EDA33D52E83B4A3] (Intel Corporation) C:\Windows\System32\Drivers\iwdbus.sys
2015-07-22 15:13 - 2014-11-04 15:25 - 000059712 ___AC [5917AFE4A3F695A54B99C1849C8207FE] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2015-07-22 15:13 - 2014-11-04 02:54 - 000032256 ___AC [8CD840A062F6BDF41DDE3ACB96164B72] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000019456 ___AC [813871C7D402A05F2E3A7075F9584A05] (Microsoft Corporation) C:\Windows\System32\Drivers\kdnic.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000295424 ____A [1DD05F4857C2188744B9E864658949DD] (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-02-01 23:18 - 2016-08-22 12:06 - 000100184 ____A [304DA394D958BC3B62AF6DF514005B01] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-02-01 23:18 - 2016-05-18 19:16 - 000178016 ____A [3D4AE520CD6F6FFE549DD195C1F515BE] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000021248 ____A [11AFB527AA370B1DAFD5C36F35F6D45F] (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000059392 ____A [C09010B3680860131631F53E8FE7BAD8] (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000109408 ____A [C755AE4635457AA2A11F79C0DF857ABC] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000093536 ____A [ADAC09CBE7A2040B7F68B5E5C9A75141] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000081760 ____A [04D1274BB9BBCCF12BD12374002AA191] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas3.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000082784 ____A [327469EEF3833D0C584B7E88A76AEC0C] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sss.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000124416 ____A [DDEE191AB32DFC22C6465002ECDF5EE4] (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2012-02-24 21:04 - 2012-02-24 21:04 - 000201008 ____A [265CCF3E1874B0FCAFE3D857FFB45034] (M-Audio) C:\Windows\System32\Drivers\MAudioMIDISPORT.sys
2017-10-29 02:00 - 2017-10-04 13:15 - 000077440 ____A [11B9D886D7AE2F2F5C6BC03D7C52FD31] () C:\Windows\System32\Drivers\mbae64.sys
2017-10-29 02:02 - 2017-10-30 19:44 - 000045504 ____A [30F7226AC3603A18FC86DFBEA5EBB13D] (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-10-29 02:02 - 2017-10-29 02:02 - 000192952 ____A [CECCE390C61356C615FB21D735EF5E47] (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2017-10-30 01:02 - 2017-10-30 01:02 - 000252232 ____A [EAC1189D80DE42C84066BA51DAC1A3C0] (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000022016 ____A [C895E3FAE8628EAA4ADE0F52862CA575] (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000056672 ____A [EB5C03A070F30D64A6DF80E53B22F53F] (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000575840 ____A [F6F13533196DE7A582D422B0241E4363] (LSI Corporation, Inc.) C:\Windows\System32\Drivers\megasr.sys
2012-08-29 06:50 - 2012-08-29 06:50 - 000057408 ____A [1C12E44F3C1EB5CDA1477088B0CA3D30] (MusicLab, Inc.) C:\Windows\System32\Drivers\mlkumidi.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000040960 ____A [8B38C44F69259987C95135C9627E2378] (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000030208 ___AC [601589000CC90F0DF8DA2CC254A3CCC9] (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2015-07-22 15:13 - 2014-11-04 15:25 - 000051008 ___AC [08374E4E5B8914DE6067CBA99F61E930] (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2015-07-22 15:13 - 2014-11-04 02:54 - 000030208 ___AC [5FCBAB60598AE119E02B4C27DE6B99EA] (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2017-02-01 23:19 - 2016-07-08 18:35 - 000101208 ____A [24DABC0A77FAFDC0E379AB3B30F61BB6] (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000074240 ____A [6FC047578785B0435F4E2660946D1ADC] (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2017-02-01 23:24 - 2016-09-08 10:00 - 000140800 ____A [3F818C1518DA702C8F10259095C9BDE0] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2017-02-01 23:24 - 2016-11-19 15:29 - 000401408 ____A [C3B0566DE49265AE98405825938C20A1] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-02-01 23:18 - 2016-08-20 21:01 - 000284672 ____A [15D7AF1A26CCEBA32DF21A8E2098F463] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-02-01 23:18 - 2016-08-20 21:03 - 000201728 ____A [0790EEB1EC199F8BE8259E47B373ED23] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000030208 ____A [D13329FBF8345B28AB30F44CC247DC08] (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2014-06-29 10:17 - 2014-06-29 10:17 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2015-01-19 03:59 - 2015-01-19 03:59 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-02-18 19:34 - 2014-02-18 19:34 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-04 22:40 - 2014-01-04 22:40 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-11-18 17:22 - 2013-11-18 17:22 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-19 03:59 - 2015-01-19 03:59 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2013-08-22 07:39 - 2013-06-18 10:52 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_Kernel_01013_Inbox_Critical.Wdf
2013-08-22 07:49 - 2013-06-18 11:20 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-11-21 05:15 - 2014-11-21 05:15 - 000146752 ____A [8DF1254093B5C354CE725EB6B9B0DE19] (Microsoft Corporation) C:\Windows\System32\Drivers\msgpioclx.sys
2013-08-22 07:38 - 2013-08-22 08:43 - 000041824 ___AC [C6B474E46F9E543B875981ED3FFE6ADD] (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000008192 ____A [65C92EB9D08DB5C69F28C7FFD4E84E31] (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000009728 ____A [52299F086AC2DAFD100DD5DC4A8614BA] (Microsoft Corporation) C:\Windows\System32\Drivers\mshidumdf.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000017248 ___AC [36D92AF3343C3A3E57FEF11C449AEA4C] (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2017-02-01 23:24 - 2016-09-09 18:14 - 000275800 ___AC [AD3C1F4BD9167420F04052FDA197CF29] (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000010624 ____A [A9BBBD2BAE6142253B9195E949AC2E8D] (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000066560 ____A [51B3AC0560848CD6D65AC2033E293113] (Microsoft Corporation) C:\Windows\System32\Drivers\mslldp.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000007040 ____A [7B2128EB875DCBC006E6A913211006D6] (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000006784 ____A [1E88171579B218115C7A772F8DE04BD8] (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000366432 ____A [BBE2A455053E63BECBF42C2F9B21FAE0] (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2013-08-22 07:39 - 2013-08-22 08:49 - 000037728 ___AC [8D6B7D515C5CBCDB75B928A0B73C3C5E] (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000007936 ____A [115019AE01E0EB9C048530D2928AB4A2] (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000013312 ___AC [96D604A35070360F0DD4A7A8AF410B5E] (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2017-02-01 23:14 - 2016-04-06 17:21 - 000114528 ____A [438EA7A2D8D4F9B8AFB64748ACA70BA8] (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000063840 ____A [B8C35C94DCB2DFEAF03BB42131F2F77F] (Marvell Semiconductor, Inc.) C:\Windows\System32\Drivers\mvumis.sys
2017-10-30 19:40 - 2017-10-30 19:42 - 000094144 ____A [482F6D603BDCC825768D86D8228BD65F] (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-02-01 23:17 - 2015-07-14 17:59 - 001113944 ____A [97DC5967F65503213FD1F1B3E4A6F983] (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000043008 ____A [8CECC8DA55F3274181FD1EA28AD76664] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000126464 ____A [269882812E9A68FFF1AFE1283D428322] (Microsoft Corporation) C:\Windows\System32\Drivers\NdisImPlatform.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000024576 ____A [82821F4EEC776B4CF11695A38F3ABA46] (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000060416 ____A [B832B35055BA2B7B4181861FF94D8E59] (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000016384 ____A [1F58E48EF75F34C35D8E93A0DC535CFE] (Microsoft Corporation) C:\Windows\System32\Drivers\NdisVirtualBus.sys
2017-02-01 23:14 - 2016-04-05 18:37 - 000205824 ____A [C3755FCF9A0B5C6FE8ED9E873B85D3CE] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000072192 ____A [DDD7F92A83F74D1476B71FBA9530A8DC] (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000103424 ____A [3083926D1CC5B56EA0786527B557DD1B] (Microsoft Corporation) C:\Windows\System32\Drivers\Ndu.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000048128 ____A [42FF4975D032CAE558AE4BB8448F6E5A] (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2017-02-01 23:13 - 2016-05-13 19:07 - 000281088 ____A [9DC17B7D9D84C37C102D379FCC7D4942] (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2017-02-01 23:19 - 2015-12-30 16:49 - 000470360 ____A [CECD84D511DEF9759D834FA0AF010400] (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000087040 ____A [D4DCE03870314D3354F3501F9DDD4123] (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc63.sys
2014-06-29 10:15 - 2010-02-03 14:21 - 000047632 ____A [C31FA031335EFF434B2D94278E74BCCE] (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000058880 ____A [8F44A2F57C9F1A19AC9C6288C10FB351] (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000023040 ___AC [CBDB4F0871C88DF930FC0E8588CA67FC] (Microsoft Corporation) C:\Windows\System32\Drivers\npsvctrig.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000039424 ____A [0E046FF5823B95326D10CF1B4AF23541] (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2017-02-01 23:31 - 2015-12-30 17:53 - 002017624 ____A [9980B262DBE439AE6BDC91AA985F19EE] (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-03-04 04:32 - 2009-05-05 20:46 - 000018432 ____A [64DDD0DEE976302F4BD93E5EFCC2F013] (NewTech Infosystems, Inc.) C:\Windows\System32\Drivers\NTIDrvr.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000005632 ____A [EF1B290FC9F0E47CC0B537292BEE5904] (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000124768 ____A [6934A936A7369DFE37B7DBA93F5E5E49] (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2013-08-22 03:01 - 2013-08-22 08:43 - 000150368 ____A [BC6B5942AFF25EBAF62DE43C3807EDF8] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000168288 ____A [1F43ABFFAC3D6CA356851D517392966E] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000445440 ____A [008F7CED69FD5B30CBDE1E03C6F36A27] (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000151040 ____A [FC0141B4A5AD6D637D883C1A89FC45C5] (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2017-02-01 23:24 - 2016-08-11 14:33 - 000096256 ___AC [57DCE4FB0467986AE78E1C6FC5240D32] (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000088896 ____A [BAFF6122CFC9F95CA175AD8C348179A4] (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000280384 ___AC [91ED124E261EA8FAA1C0FFDF2A71B0C4] (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000014688 ___AC [346E38FCC6859A727DD28AFAD1F0AFF4] (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000048992 ___AC [5D4D6146346B82EB3CA4EE0C5573193C] (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2013-08-22 07:40 - 2013-08-22 08:49 - 000114528 ___AC [4D3BDCC1C7B40C9D7B6AD990E6DEC397] (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2013-08-22 04:46 - 2013-08-22 08:39 - 000050016 ____A [BF28771D1436C88BE1D297D3098B0F7D] (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000086336 ____A [24A8DFC07E4BAF29AEA26E383D4CC886] (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000663040 ____A [0ECEE590F2E2EF969FB74A6FC583A1E6] (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000272384 ___AC [C76097CA941FA7CAFEDB1E557969025C] (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-08-22 04:46 - 2013-08-22 04:46 - 000092160 ___AC [ECD373F9571C745894367CC2635EA44F] (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000047104 ____A [83868EB2924E6BC21A54337C65D614D1] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000017408 ____A [B337B1F1E82A83E20A1743E008E25C0F] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2017-02-01 23:30 - 2016-02-02 14:16 - 000112640 ____A [235624C147E3CB4C288D5D3D8E8D64A2] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000084992 ____A [5247F308C4103CDC4FE12AE1D235800A] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2013-08-22 07:35 - 2013-08-22 07:35 - 000107520 ____A [E075CC071022BD4E9BE7C024717C0E0A] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000093696 ____A [41F631007A158FEBB67F0E2AD1601BBA] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2017-02-01 23:14 - 2016-04-06 14:20 - 000402432 ____A [D67ED4AB59D1EF66B05AD1A81AC28B26] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000022528 ___AC [6B21EBF892CD8CACB71669B35AB5DE32] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2014-11-21 04:25 - 2014-11-21 04:25 - 000195584 ____A [680C1DAE268B6FB67FA21B389A8B79EF] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2014-11-21 05:17 - 2014-11-21 05:17 - 000027456 ____A [BC8A79C625568DDB7DCA49D0C2741A64] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000249688 ____A [A26AEC49F318FEE141DDDB2C5F99B3E6] (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2017-02-01 23:25 - 2016-10-12 17:11 - 000922968 ____A [2D39BCFA4DD1081B8F282B623456B858] (Microsoft Corporation) C:\Windows\System32\Drivers\refs.sys
2017-02-01 23:30 - 2015-11-05 04:59 - 000145408 ____A [A7D51169CA28B0AA9B5DE2B7EFB5C3C9] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000032256 ____A [4A24C61ED665DB4D13B93FACA06350CA] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2015-07-22 15:13 - 2015-04-23 13:01 - 000032256 ___AC [5A184F9BD9C41B2E1CF10D9DE4A1409F] (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000011776 ____A [9746BA79DE0CA5EB5104406A9ED62D01] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000080384 ____A [2D05A5508F4685412F2B89E8C2189ABC] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2013-08-22 02:57 - 2013-06-18 10:46 - 000591360 ____A [19764658C1468C2C0CEF133D28414A6B] (Realtek ) C:\Windows\System32\Drivers\Rt630x64.sys
2013-08-22 04:46 - 2013-08-22 08:39 - 000107872 ___AC [C624A1B32211C3166EDB3F4AB02A30B7] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000040960 ____A [13BEA6C882D4D877A5A85CA149C86BC1] (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2014-06-29 10:16 - 2007-01-19 21:24 - 000025312 ___RA [6011CDF54BB6F4C69F38FACCDAD73D7E] (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\SCMNdisP.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000170848 ____A [1C4EB3ACEA98CAD8FC7CF50F629FF0C6] (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2015-07-22 15:10 - 2015-03-13 00:03 - 000239424 ___AC [C54B6B2170BF628FD42F799A66956D75] (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000079192 ___AC [0B1E929D11A8E358106955603FAC65E8] (Microsoft Corporation) C:\Windows\System32\Drivers\sdstor.sys
2013-08-22 11:36 - 2013-08-22 11:35 - 000023040 ____A [3EA8A16169C26AFBEB544E0E48421186] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2013-08-22 07:38 - 2013-08-22 08:43 - 000069472 ____A [DB2FF24CE0BDD15FE75870AFE312BA89] (Microsoft Corporation) C:\Windows\System32\Drivers\SerCx.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000146776 ____A [0044B31F93946D5D41982314381FE431] (Microsoft Corporation) C:\Windows\System32\Drivers\SerCx2.sys
2017-02-01 23:24 - 2016-08-11 14:33 - 000023040 ___AC [1F0135949A6AD6025F363F80FE268251] (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2017-02-01 23:24 - 2016-08-11 14:33 - 000083456 ___AC [81633C87B42B63BA484A6177179AC750] (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2015-07-22 15:13 - 2014-11-04 02:55 - 000026112 ___AC [148195AE95D9BC7375A08846439FDAC1] (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000017408 ___AC [472B7A5AC181C050888DB454663DD764] (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000044896 ____A [2F518D13DD6F3053837FE606F1A2EA1F] (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000081760 ____A [1AC9A200A9C49C4508F04AAFFCA34A3F] (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000019968 ____A [8C0773703184485D57975B6C1ED48730] (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2017-02-01 23:25 - 2016-11-05 16:46 - 000422744 ___AC [546B88E6906EE9813EFE314DC95E3488] (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-08-22 07:38 - 2013-08-22 08:43 - 000072032 ____A [F337BE11071818FC3F5DC2940B6BDE34] (Microsoft Corporation) C:\Windows\System32\Drivers\SpbCx.sys
2017-02-01 23:27 - 2016-08-04 10:17 - 000416768 ____A [36B082C7A764A34FB1DC72D975870B61] (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-02-01 23:27 - 2016-08-03 14:06 - 000675328 ____A [F5849909D4B29B4E3D4445F943E5C7E3] (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-02-01 23:27 - 2016-08-03 14:05 - 000243712 ____A [FABC49666708EA562549E78E6FBF3191] (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-08-22 02:57 - 2013-08-22 08:43 - 000031072 ____A [366DEA74BBA65B362BCCFC6FC2ADFD8B] (Promise Technology, Inc.) C:\Windows\System32\Drivers\stexstor.sys
2011-08-24 14:56 - 2011-08-24 14:56 - 000051496 ____A [B9657A0AFF28C1CB114ACC0CB93EE4BB] (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-08-22 07:40 - 2013-08-22 08:43 - 000107872 ____A [0ED2E318ABB68C1A35A8B8038BDB4C90] (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2017-02-01 23:14 - 2016-06-11 15:52 - 000057184 ___AC [0EDD1F4D470C775740625B06A60C9DD5] (Microsoft Corporation) C:\Windows\System32\Drivers\stornvme.sys
2017-02-01 23:24 - 2016-10-12 17:49 - 000379224 ____A [29C251E0D71EF099682AAE641C29184D] (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-08-22 07:37 - 2013-08-22 08:36 - 000045888 ____A [548759755BC73DAD663250239D7E0B9F] (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000067584 ____A [FF184501F8F556147BBBDE571315C137] (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2013-01-30 05:53 - 2013-01-30 05:53 - 000544768 ____A [5C19EDA23A8FDDDE75E84BF1162E2D75] (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000014144 ___AC [65454187E0F8B6C0DCECB0287D06EC43] (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000029696 ____A [B13A57CE2F17B8C789E895E15F115DB0] (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000021824 ____A [A57A897E3F87B8E9F30A627C42779A76] (Microsoft Corporation) C:\Windows\System32\Drivers\tbs.sys
2017-02-01 23:24 - 2016-09-20 18:30 - 002462040 ____A [2F10C145F517419E17203632FCDA0A13] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-11-21 05:53 - 2014-11-21 05:53 - 000049152 ____A [41CF802064F72E55F50CA0A221FD36D4] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000030208 ____A [3C7361E0A5A6966DB957B94ECF924A9E] (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2017-02-01 23:28 - 2015-10-13 13:10 - 000108032 ____A [E0BD2D83875464FEEEB242CBA8B7E073] (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2014-11-21 04:25 - 2014-11-21 04:25 - 000037216 ___AC [232D185D2337F141311D0CF1983E1431] (Microsoft Corporation) C:\Windows\System32\Drivers\terminpt.sys
2017-02-01 23:24 - 2016-09-08 16:41 - 000121176 ____A [BC6CC1188FD294997CFDE1E5A7A301F0] (Microsoft Corporation) C:\Windows\System32\Drivers\tm.sys
2017-02-01 23:30 - 2015-09-29 08:24 - 000155480 ___AC [80A2FC1A089A71F2DBE5D8394FFB009F] (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2015-06-06 09:45 - 2015-06-06 09:45 - 000037624 ____A [531121E7ED50084B493A69F8F8A7A927] () C:\Windows\System32\Drivers\TrueSight.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000056320 ____A [BF8F54CA37E9C9D6582C31C5761F8C93] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000029696 ___AC [20185BEB7512EDE4EFECDFA148AC9F99] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2017-02-01 23:28 - 2015-09-04 15:24 - 000154112 ____A [E85916632CD3B9E9B546968DB950BF42] (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000064864 ____A [F6EEAD052943B5A3104C1405BB856C54] (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2013-08-22 07:37 - 2013-08-22 08:43 - 000074080 ___AC [FE6067B1FD4E63650C667B33D080565B] (Microsoft Corporation) C:\Windows\System32\Drivers\uaspstor.sys
2014-03-04 04:32 - 2009-05-05 20:46 - 000016896 ____A [2E22C1FD397A5A9FFEF55E9D1FC96C00] (NewTech Infosystems Corporation) C:\Windows\System32\Drivers\UBHelper.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000189248 ___AC [807F8CF3E973305FC435C61CBBEE2A49] (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2015-07-22 15:13 - 2015-03-12 22:02 - 000316416 ____A [C61EAF8E1E4B2F62BA4FDF457440B2C6] (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2013-08-22 07:40 - 2013-08-22 08:39 - 000026976 ___AC [9578691F297E1B1F519970FE6D47CB21] (Microsoft Corporation) C:\Windows\System32\Drivers\uefi.sys
2013-08-22 07:39 - 2013-08-22 08:43 - 000065888 ____A [5EAB5117DDB24FC4D39E6FFFCF1837B9] (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2013-08-22 07:39 - 2013-08-22 07:38 - 000046080 ___AC [DA34C39A18E60E7C3FA0630566408034] (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2013-08-22 07:39 - 2013-08-22 07:38 - 000011776 ___AC [AE8294875E5446E359B1E8035D40C05E] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2015-07-22 15:13 - 2015-04-24 22:25 - 000020992 ____A [312BB35275EB15145F4B6D1FFCE56C50] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2015-07-22 15:13 - 2015-04-24 22:25 - 000020992 ___AC [B73B55A194BEAF71985211279585A316] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000121088 ___AC [DF355EB0199198728027962DCFCDE5FB] (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000032512 ____A [5D45329A96B1A417DC7F59FDEABC0DDE] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000143680 ___AC [FF78D053A05E5A394F4E3C1816CC65A8] (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000098304 ___AC [0139248F6B95CF0D837B5B46A2722D40] (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-02-01 23:18 - 2015-10-11 02:34 - 000027992 ____A [9A2B3A98D7982372CA36A823F673EFB8] (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-02-01 23:29 - 2016-01-08 21:38 - 000091992 ___AC [C996CBEF922B5653A01E3F50DDCE2F86] (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-02-01 23:18 - 2015-10-11 02:34 - 000462168 ____A [CD81683F4553677B9BF5163A922153EB] (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-02-01 23:18 - 2015-10-11 02:34 - 000468824 ___AC [5C90D5379B53590FBB24BBAD4FA682EE] (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2017-02-01 23:18 - 2015-10-10 14:41 - 000030208 ____A [A0F0484C97D6441ED6A75D7426ECCC9E] (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-02-01 23:18 - 2015-10-11 02:34 - 000443224 ____A [D25F0093A71FFB355160358DD70B0373] (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-08-22 07:36 - 2013-08-22 07:36 - 000026112 ___AC [4D655E3B684BE9B0F7FFD8A2935C348C] (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000030720 ____A [3431FBFAC156EB7FEF9B936EC2A77AF6] (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000044544 ____A [0F030491BA4A27BD46F8B8ACEEE83F1A] (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 000033280 ____A [B57B4F0BEC4270A281B9F8537EB2FA04] (Microsoft Corporation) C:\Windows\System32\Drivers\usbser.sys
2017-02-01 23:17 - 2016-01-31 15:16 - 000148832 ___AC [9D168BFA334D47BE404367EB58D4E130] (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2017-02-01 23:18 - 2015-10-10 14:41 - 000037376 ____A [FC974B03C8B87455F44F734C8F31A3C8] (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000212736 ___AC [5C8F604F6DC74177CDD8372D7B1ADFF0] (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2015-07-22 15:10 - 2015-04-16 02:17 - 000325464 ___AC [44603DA5A87FB491EF59C889EBBB4DDB] (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2017-10-09 22:34 - 2017-09-13 11:04 - 000965984 ____A [E0323496872FDCED10E64A49312BA448] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2017-09-13 11:04 - 2017-09-13 11:04 - 000196040 ____A [E330CAD54160934D1FB0CC35A49C9CD1] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp6.sys
2017-09-13 11:04 - 2017-09-13 11:04 - 000206976 ____A [B74B2FDA5BF4731515E564B71BBB0C15] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetLwf.sys
2017-09-13 11:04 - 2017-09-13 11:04 - 000138432 ____A [7A173FA634C6D858A7CD403C4B44D8FF] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSB.sys
2017-10-09 22:34 - 2017-09-13 11:04 - 000149816 ____A [B6D30F19832E3695B107BBA0F78DD3CB] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2013-08-22 07:38 - 2013-08-22 08:37 - 000037728 ___AC [FEB26E3B8345A7E8D62F945C4AE86562] (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000175960 ____A [A026EDEAA5EECAE0B08E2748B616D4BD] (Microsoft Corporation) C:\Windows\System32\Drivers\VerifierExt.sys
2017-02-01 23:24 - 2016-10-09 18:59 - 000551256 ___AC [8ABB4BABF59F092DF0B43778D8FD1884] (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2013-08-22 08:22 - 2013-08-22 08:43 - 000019808 ____A [06D38968028E9AB19DE9B618C7B6D199] (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000049152 ____A [608BD5400EFD2307A5F8DDDC87775734] (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000089368 ____A [A53E798C06D729CCF8459968B4372F6E] (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmcl.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000097048 ____A [511AD3FF957A0127E6BD336FF6F89C38] (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2013-08-22 07:37 - 2013-08-22 07:37 - 000021760 ____A [DA40BEA0A863CE768C940CA9723BF81F] (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000011264 ____A [0BF5CAD281E25F1418E5B8875DC5ADD1] (Microsoft Corporation) C:\Windows\System32\Drivers\vmgencounter.sys
2013-08-22 07:38 - 2013-08-22 07:38 - 000007168 ____A [1A063730F221B2746FF00457AE17E4F0] (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000049944 ____A [8B9486B64E5FC17FB9CC04CA10B77A34] (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys
2017-02-01 23:15 - 2016-04-11 02:21 - 000074584 ___AC [436E1A724E7E683F6B612D3D58F04241] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2013-08-22 07:40 - 2013-08-22 08:39 - 000377696 ____A [CCB9E901F7254BF96D28EB1B0E5329B7] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2017-02-01 23:17 - 2016-03-14 12:50 - 000316760 ___AC [17F7B0F2298D97F4B6C7A69511033D3D] (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2017-02-01 23:23 - 2016-01-26 15:15 - 000072024 ____A [DAC438FB5FF85A9E72806E2341D5D732] (Microsoft Corporation) C:\Windows\System32\Drivers\vpci.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000168800 ____A [4539F45F9F4C9757A86A56C949421E07] (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2013-08-22 03:01 - 2013-08-22 08:43 - 000305504 ____A [0849B7260F26FE05EA56DED0672E2F4B] (VIA Corporation) C:\Windows\System32\Drivers\VSTXRAID.SYS
2017-02-01 23:24 - 2016-08-12 20:03 - 000024576 ____A [71066FF95C487327E44C8AF1B72EBE8B] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2017-02-01 23:24 - 2016-08-12 20:02 - 000071680 ____A [29AB43937FFDA0B0FB56984226E698C6] (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2017-02-01 23:24 - 2016-08-12 20:01 - 000038912 ____A [8B8624A93E3F88CB923AEB05B6313227] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2013-08-22 07:39 - 2013-08-22 07:39 - 000026752 ___AC [0910AB9ED404C1434E2D0376C2AD5D8B] (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2014-11-21 05:16 - 2014-11-21 05:16 - 000080896 ____A [6505C9E72910F91D4C317EECF22D1DE6] (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2014-11-21 04:52 - 2014-11-21 04:52 - 000054272 ____A [9CC0003FB8ED3763B977B43F1012FF63] (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2017-02-01 23:23 - 2015-07-07 05:40 - 000044560 ____A [81285DDC994F03379DB46419300B2DCB] (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000839488 ____A [CB6C63FF8342B467E2EF76E98D5B934D] (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 001721576 ____A [4DA5DA193E0E4F86F6F8FD43EF25329A] (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01009.dll
2017-02-01 23:23 - 2015-07-07 05:40 - 000270168 ____A [26B8FED3F3B85F5F0C4BD03FD00B9941] (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000060224 ____A [42C23552FC0BF2BAB9053BE6E4DC3D13] (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2017-02-01 23:23 - 2015-07-07 05:40 - 000114520 ____A [CE67080F00E0AF32755096CEA6430ABA] (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2013-08-22 07:40 - 2013-08-22 08:39 - 000038240 ____A [2E0AF5B354ED1BB10314353B6A625B68] (Microsoft Corporation) C:\Windows\System32\Drivers\werkernel.sys
2017-02-01 23:14 - 2014-11-10 14:06 - 000136512 ____A [715ABA3DD164D06457A2A3C92F6EA9D5] (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000033600 ____A [5F66B7BB330AA80067FC66149A692620] (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000061208 ____A [10A78656BF6126245631705E45F9B9CF] (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2017-02-01 23:18 - 2015-10-10 14:40 - 000078848 ___AC [3AF1FA17F1C4ACBDB660D8F98B1A9C13] (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 001002728 ____A [246900CE6474718730ECD4F873234CF5] (Microsoft Corporation) C:\Windows\System32\Drivers\winusbcoinstaller2.dll
2013-08-22 07:40 - 2013-08-22 07:40 - 000016384 ___AC [2834D9D3B4F554A39C72F00EA3F0E128] (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000018272 ____A [1FE5DDC32243469E6FA4440C02775A34] (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2014-11-21 05:17 - 2014-11-21 05:17 - 000157016 ____A [7FC5667DF73D4B04AA457CC3A4180E09] (Microsoft Corporation) C:\Windows\System32\Drivers\wof.sys
2014-11-21 05:17 - 2014-11-21 05:17 - 000054784 ____A [A2468CC3509394A33C4C32F99563D845] (Microsoft Corporation) C:\Windows\System32\Drivers\wpcfltr.sys
2013-08-22 07:38 - 2013-08-22 08:36 - 000026976 ____A [9F2904B55F6CECCD1A8D986B5CE2609A] (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUpFltr.sys
2013-08-22 09:25 - 2013-08-22 09:25 - 000023392 ____A [38CAE0D33091C6F3B542F230E70ED44B] (Microsoft Corporation) C:\Windows\System32\Drivers\WppRecorder.sys
2013-08-22 07:40 - 2013-08-22 07:40 - 000021504 ____A [AE072B0339D0A18E455DC21666CAD572] (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000113664 ____A [481286719402E4BAEFEA0604AB1B5113] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2014-11-21 05:15 - 2014-11-21 05:15 - 000226304 ____A [D7B4859227B02BCC1055B279A63C937F] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2016-02-16 22:16 - 2015-05-07 07:40 - 002152176 ____A [EBF9EE8A7671F3B260ED9B08FCEE0CC5] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFUpdate_01009.dll
2014-11-21 04:00 - 2017-02-02 03:34 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\en-US
2014-11-21 04:00 - 2014-11-21 04:00 - 000011776 ____A [CCA2D0FF42F019AA8D85BF2FB6E15F41] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\1394ohci.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000010240 ____A [B5DA56EFD818F1C893E2107EC968CE05] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\acpi.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000021504 ____A [3606D04BC7E6E305737BEC91CC8A6D0D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\afd.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [A6B3942C1A97C929F4670B7B63370FF8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\AGP440.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014336 ____A [3B950A7C26EC075CC10D42826A2A4DF8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdk8.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014336 ____A [BBF7FD5AB839E2AA43D3B0ED9E39A0D0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdppm.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000007168 ____A [CD43E5E2C950394ECD31F48E679FD97B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ataport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000007680 ____A [5FEAB7F5FF9E12200DA263C7C868FDFC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\battc.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [2EA0F0337ABE762EB176210C5A0E683C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthA2DP.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [40FE2A1CCF317A94B5FD56D497E79A13] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthAvrcpTg.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [9E9A08BA6542B63C0231DD321F0030C1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthenum.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [4B3767CBC898F2B2888AB20C3235D106] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthhfenum.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [0C6D47DDFA425E40ADC00DD502195310] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthhfHid.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000012800 ____A [5DC5D6A51716CA7F90CFB74E7C599C8B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthLEEnum.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [02F4FEF291855F17E1B1E659D8BC221B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BthMini.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004608 ____A [5433113535C5AAE479DA3A154D9A861C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthpan.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000032768 ____A [5FB5B412D00636CC62BC3066AF8B1229] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [D755E6687A0EE30DE68DB7A3318C7534] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BTHUSB.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [DB12C55AE25DEA570948972948084FD0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\cdrom.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [1F619FB6D31D68F205AE220C3BF206E2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\disk.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [D783AC74060F59166C0637C0DB2DCEA0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\dumpsd.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008192 ____A [51DF0DF6DB0D673B9C02D54FCAC2CC50] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\EhStorTcgDrv.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005120 ____A [102577751A4F9B0A571B17404447A38B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fltmgr.sys.mui
2014-11-21 04:53 - 2014-11-21 04:53 - 000021504 ____A [926EEDC62C2FCD647BC0D04675EE853E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fvevol.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000007680 ____A [71E571A0593B9904BBC95A09C7E5B7A1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fwpkclnt.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [FAC96A2530D79BBE22C2905A6FEDCF46] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\GAGP30KX.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [99CD0F950160DEC012C3E557392DD925] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hdaudbus.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [747F9203A6DF183606D1CBA3924012FD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\HdAudio.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [14AE860A5AEAFC68EB6CF3B16DF98376] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidbth.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000006144 ____A [6BDAE5E18E43D55D879A38C17246B11B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidclass.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [ED627E47A085C7D7046904681C5EDC64] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidi2c.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000038400 ____A [2AE5E1E320C912D7ADA1141A791E6B0E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\http.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000010240 ____A [E4ABFFE744B447B16D7E404DD370EDEF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\i8042prt.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014336 ____A [92471F1B99E986EAED0A5A1E39B707A5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\intelppm.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000006144 ____A [CE20CC9255F7A42651AA98EFB37017DB] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IPMIDrv.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [B535EE71D2A9E7F372C6EDA3CC08E5D9] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ipnat.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [89F45D27D843BB126CE75506EECAB27E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\isapnp.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004608 ____A [A13626BF0E5BE4EC425110ED6398289D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdclass.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [70F8E3861137B366290C76CC87DCC7A6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdhid.sys.mui
2014-11-21 04:52 - 2014-11-21 04:52 - 000002048 ____A [89044CB6A2E99FCD6892CC6F95FA052E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ks.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000006656 ____A [589F4B32669697DCC86C87796AB9002A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\luafv.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [14C735491D0B03CD54D429DD35BED47A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\modem.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [2BDE3CAEF7E91D3EDE75004A70015488] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouclass.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [A375D5A8086D30B50CDBED853D2DDA33] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouhid.sys.mui
2017-02-01 23:27 - 2015-07-15 13:15 - 000002560 ____A [4AF392CEEDBEBEB4276A4B846690EDA7] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mountmgr.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000055296 ____A [D0CE1060C18401B68D3B83C68FB5A4B5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mrxsmb.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [867F15AFDDF027A72DACF055AFA74BB5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mshidkmdf.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [CAE33B50C378B0E89A2F0FA1501B20CC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mshidumdf.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008704 ____A [A1F415FFCBC26FA88C3644AC094F5DB7] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mslldp.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [2CFB49C6E6E1EB57545A83D4655C6056] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mssmbios.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [C4634B62A436D99F46284D14188D7AB1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\MTConfig.sys.mui
2017-02-01 23:14 - 2015-01-10 05:07 - 000012800 ____A [78BAA3F54ED5AC8082D1AA985E0109EF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mup.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000057856 ____A [F450E013F78D0A5F1F17A96CB1233A27] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndis.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [35B1981AFD2DAC97DBE60ED3060CA3B0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndiscap.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000011264 ____A [8C4A2BA8EB99FD7CDF936EB9E696EAE0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NdisImPlatform.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [8105B2BCB7472FE152999DBC1BBC1293] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndisuio.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [9CDF5709BBAAB7058D7E25116962B91E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NdisVirtualBus.sys.mui
2014-11-21 05:47 - 2014-11-21 05:47 - 000084992 ____A [0A132F1DD6167033D8942BDE1A9CA978] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ntfs.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [9A288DB3E2E4DFF9D50848F918A0D205] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NV_AGP.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014336 ____A [8408E3E07817356E554343A1858C046C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\nwifi.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000017408 ____A [AAE0D51E60BA789F37E6F10CCDDA3B98] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pacer.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [46E64135EC40C997D0A1505F5D25F617] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\parport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [5F4FDF4706FB6E2A59DA1FD2273F01F2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\partmgr.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008192 ____A [6CDB4C7AE4EA0337A3072F14817C67F4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pci.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [78E7F147FA21050EE167BF2F6F402250] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pcmcia.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [A7AC203417A1933936DC1CF897FCEBBB] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pdc.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [EAD2F339CE0D4167A7A6310364FCBD39] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pnpmem.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [7C2DB6B9CD440A339FE0702F35B377C1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\portcls.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014336 ____A [2E16897A12A9CB0B49CA832C290F11A4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\processr.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [F3B786F1518B985EB2DF6154D460D6F3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\qwavedrv.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [555F9097CDC4EBFAB371523CC6569A5A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdbss.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [51D107C9434AAB4C7FF006881AA3D684] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdpdr.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008192 ____A [CD7D055498F2CBA489DE234AF2859994] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\refs.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [CE456D3022A8963259DC2E247DAB4C1F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\RNDISMP.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [D05D2E5DAC0E94A098F7C83CA9F0D9FF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismp6.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [CE456D3022A8963259DC2E247DAB4C1F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismpx.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [E740847276E386D2DB79F83EABFBAB2E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scfilter.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [4B5307E8DF2F798C72E80FD1F77CCCCD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scsiport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [8BFA30900E037CBE612A30824304AED4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sdbus.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [ABF5E3081386BB6328A0A2609EB05842] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sdstor.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003584 ____A [6646B085AFD4E8A457D8D1BA27167C48] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sercx.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008704 ____A [9F79EA2950BCF1BFD87EFFB333DDD928] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sercx2.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000010240 ____A [F5BEC30FE6093C89C0380B617F1D9D7E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serial.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005120 ____A [6E7CBABB993BC0E1ACBEDD2769F133FF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sermouse.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [8FC0CC5F7BF27FB1A293D7EE66FC3C2F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serscan.sys.mui
2017-02-01 23:25 - 2016-01-24 10:35 - 000040960 ____A [9144FCF3AD8DAB06127F7AF7D2969AFD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\spaceport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [55DD1A8228C09A259606001D1C60C009] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\spbcx.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [B19FFEAD517844AAC7DCFF652D900469] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\srv.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000061440 ____A [7EA48C53FEDAD1DF9EA69140E95C5C60] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\srv2.sys.mui
2017-02-01 23:15 - 2016-03-11 11:12 - 000086528 ____A [6FD95912A5A219D79F376A2839567EBC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tcpip.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000008192 ____A [38FD7DF71EF1938646FE6BE00A5C51B7] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tpm.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [5A9FA86928CC75DD03C0923AD2C39BAF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tsusbflt.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000007680 ____A [7A444882987D5D96C18BB5CFBCD2B386] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tunnel.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [F038F9F62D356510CEB7EC7453643599] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\UAGP35.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000012288 ____A [5504447B7B5F3ADD660F51C7CAD2C195] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\UCX01000.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [667AF0980B238CE5BE2E8552C7DBCCF4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ULIAGPKX.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [21B25F46EC3B0D49BB2041333C5B39B0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\umbus.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [F1298FD692F5E9C9EAFBE917E0DC500B] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBAUDIO.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000003072 ____A [17FA2B0B3DDF42A80EBAB4F44C07D26F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbehci.sys.mui
2014-11-21 05:15 - 2014-11-21 05:15 - 000014336 ____A [1F85505E3AD14BBF433FFF8A1514757D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbhub.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000020480 ____A [F911CF1E512B09123ED2D8634A4E66FA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBHUB3.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000026112 ____A [D23E6B1CAD00F60CCA8F12E49D3E91C0] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbport.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [B2A62B9ACA3A68AB872EB5638D7E8FCA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbrpm.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [8532FAE8E484F5B08318013F1532738D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBSTOR.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [9925DB33B91939166DAEE12CA7C412A4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbvideo.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000014848 ____A [09A5B9D1965B98C60E01DAF6FED40BFA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBXHCI.SYS.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005120 ____A [02BD6A9AD41077AA823B399A304EEE44] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vdrvroot.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000013312 ____A [2028053C56B3A17EEBF75BB96834DAA7] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhdmp.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [427A9E28038A6C0E80646621C6D02BA2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgrx.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000023552 ____A [7F4A513CB90D51EB39CA955CF0FE23DB] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volsnap.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [26E9F6CFBF2DC479ADBC7319D7369296] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vwifibus.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000004096 ____A [79BFC84AEDA75F27E398394B398EB477] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wacompen.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [CA1844B4098F1D6C2520699A7242C5C4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wdf01000.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [BFEE4840A672728A70ABDC452654B37C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wfplwfs.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000013824 ____A [096724B4585F818F3E879F579C8AA13C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wmbclass.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [2B0B166692208DDA856662C490ABF0B3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\WpdUpFltr.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [7C0AE658C7BE463B68BEC51E9AEFE203] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ws2ifsl.sys.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [61F2D3C5CAB218B914825B23B3E68AAF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wudfpf.sys.mui
2013-08-22 09:36 - 2017-10-31 14:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\etc
2012-07-26 01:26 - 2017-10-31 14:52 - 000000035 ____A [90C8F3BA7DB5CB3562298C2E11C97C52] () C:\Windows\System32\Drivers\etc\hosts
2012-07-26 01:26 - 2015-06-06 09:58 - 000000768 ____A [B3DBF8EC3CA880E1BB169EA3C2134ABA] () C:\Windows\System32\Drivers\etc\hosts_bak_981
2013-08-22 11:36 - 2013-08-22 11:35 - 000003683 ____A [18413B90E1B291EC3E777A845C37CFEE] () C:\Windows\System32\Drivers\etc\lmhosts.sam
2013-08-22 09:25 - 2013-08-22 09:25 - 000000407 ____A [B65A1232FB4B35827CE7C5E2F8EC8947] () C:\Windows\System32\Drivers\etc\networks
2013-08-22 09:25 - 2013-08-22 09:25 - 000001358 ____A [7700D22FA108234E623D65FA72D9E29C] () C:\Windows\System32\Drivers\etc\protocol
2013-08-22 09:25 - 2013-08-22 09:25 - 000017463 ____A [D9E1A01B480D961B7CF0509D597A92D6] () C:\Windows\System32\Drivers\etc\services
2013-08-22 11:33 - 2016-01-03 07:35 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF
2014-11-21 05:15 - 2014-11-21 05:15 - 000088576 ___AC [6C2117ABA0F9C6B9238DA92A4179EF1F] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\EhStorPwdDrv.dll
2014-11-21 05:15 - 2014-11-21 05:15 - 000054272 ___AC [9E5A866A051CA31C84156A6803606E51] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\HidBthLE.dll
2014-11-21 05:15 - 2014-11-21 05:15 - 000231424 ____A [CA39EFD31F43A5BF85011D13C7BC72B9] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\LocationProvider.dll
2014-11-21 05:15 - 2014-11-21 05:15 - 000297984 ___AC [B751B25DD96BEDEEF32A075544A10803] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdFs.dll
2014-11-21 05:15 - 2014-11-21 05:15 - 000970240 ___AC [35F42821BAD4E305072B36C0720B85D5] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdMtpDr.dll
2011-07-22 20:47 - 2011-07-22 20:47 - 001093632 ____A [58F622E17C8E37215742B820BF191D6C] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\ZuneDriver.dll
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\cs-CZ
2011-08-05 17:02 - 2011-08-05 17:02 - 000005632 ____A [39CD738C882C1675B6DFE8DCFC332813] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\cs-CZ\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\da-DK
2011-08-05 17:02 - 2011-08-05 17:02 - 000006144 ____A [67343CE3D7E0086FBD78B0C291543D3F] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\da-DK\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\de-DE
2011-08-05 17:02 - 2011-08-05 17:02 - 000006144 ____A [0A145CF70D0C9C063F8DEC8DF0B2EE72] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\de-DE\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\el-GR
2011-08-05 17:02 - 2011-08-05 17:02 - 000006656 ____A [301A6F07A24FCA1EA19A3B6DB71880DF] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\el-GR\ZuneDriver.dll.mui
2014-11-21 04:00 - 2015-01-19 04:09 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\en-US
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [BE37860FC26885A492DE883F3938F639] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\HidBthLE.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002048 ____A [E5A318E3FAD0729EB0934117322E5594] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\hidscanner.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [EF3547EAF8B3AC95BCF36CB84B3C32DC] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\idtsec.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000005632 ____A [7FFEA04D96C5961BBAC8253890661D4D] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\LocationProvider.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [AD4D7D1BF668CC7BACE7CAABF4344D4B] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\mgtdyn.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000009728 ____A [EE3C4AFD2A446B676A9A3FFA92294F04] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\SensorsHIDClassDriver.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000002560 ____A [7B6E6AE3E171D15C17B16A63810AEDEC] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WpdMtpDr.dll.mui
2014-11-21 04:00 - 2014-11-21 04:00 - 000006144 ____A [4D56FE5E7334CD9C1D956F207D18E4EE] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2011-08-05 16:45 - 2011-08-05 16:45 - 000006144 ____A [9F4A1860650C895CCD475E3D9696A14D] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\es-ES
2011-08-05 17:02 - 2011-08-05 17:02 - 000006656 ____A [B29D902E56206EA39546D84E8D77A0B8] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\es-ES\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\fi-FI
2011-08-05 17:02 - 2011-08-05 17:02 - 000006144 ____A [81E332748DA61C0160DD76B289ADABD0] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\fi-FI\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\fr-FR
2011-08-05 17:02 - 2011-08-05 17:02 - 000006144 ____A [6190623707A342B968EC850E48BA7AA3] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\hu-HU
2011-08-05 17:02 - 2011-08-05 17:02 - 000006656 ____A [533FD47393E6A26E2263D0EDF10DB357] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\hu-HU\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\id-ID
2011-08-05 17:02 - 2011-08-05 17:02 - 000006144 ____A [B1405FA174699D4C592E345168DCB6DB] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\id-ID\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\it-IT
2011-08-05 17:02 - 2011-08-05 17:02 - 000006656 ____A [DE6B8EF04149979EDA1DB35236123127] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\it-IT\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\ja-JP
2011-08-05 17:03 - 2011-08-05 17:03 - 000004608 ____A [F4388727985C5F84D5A554F181A6FB25] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\ja-JP\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\ko-KR
2011-08-05 17:03 - 2011-08-05 17:03 - 000004096 ____A [4CFF7BB7734D18738ED80C6661A98A86] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\ko-KR\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\ms-MY
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [DCB71C585CAF5CDE944E9153A3EBB847] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\ms-MY\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\nb-NO
2011-08-05 17:03 - 2011-08-05 17:03 - 000005632 ____A [51DB803658491CD2384384C66DF4018F] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\nb-NO\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\nl-NL
2011-08-05 17:03 - 2011-08-05 17:03 - 000006656 ____A [F03F3125F0AEC6BBB864DF6C5089569B] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\pl-PL
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [A39EF733D78B6BCD180B53A73CF78861] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\pl-PL\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\pt-BR
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [B83ED39BA3DAFFFFDBCA7A606572A6F0] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\pt-PT
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [64A9DF8BC5CBBA500D4021A4238D0F6C] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\ru-RU
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [A8D2D03979BB88B8C65019CB546A2FEE] (Корпорация Майкрософт) C:\Windows\System32\Drivers\UMDF\ru-RU\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\sv-SE
2011-08-05 17:03 - 2011-08-05 17:03 - 000006144 ____A [407E4148015043A5155F93F033277059] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\sv-SE\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\zh-CN
2011-08-05 17:03 - 2011-08-05 17:03 - 000003584 ____A [6B70C1A7FDB344580F6EE5B045BF9949] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\zh-CN\ZuneDriver.dll.mui
2015-01-19 04:11 - 2015-01-19 04:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\zh-TW
2011-08-05 17:04 - 2011-08-05 17:04 - 000003584 ____A [B736A313BA98F8FAC8DC524253823326] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\zh-TW\ZuneDriver.dll.mui
 
====== End of Folder: ======
 
 
========= Reg query "HKEY_LOCAL_MACHINE\SYSTEM\Select" =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
 
========= Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" /s /v Start =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1394ohci
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3ware
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a2AntiMalware
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpiex
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpipagr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AcpiPmi
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpitime
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdAppMgrSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeARMservice
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeUpdateService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADP80XX
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AeLookupSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agp440
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AGSService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ahcache
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdK8
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdPPM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsata
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsbs
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdxata
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppHostSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppID
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppIDSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Appinfo
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppReadiness
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppXSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arcsas
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\athr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Audiosrv
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Autodesk Content Service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Antivirus
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbdisk
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbIDSAgent
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsdriver
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsh
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgblog
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbuniv
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgHwid
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgMonFlt
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRdr
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRvrt
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSnx
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSP
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgStm
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgVmm
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AxInstSV
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b06bdrv
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BasicDisplay
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BasicRender
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcmfn2
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDESVC
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bowser
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BthAvrcpTg
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BthHFEnum
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bthhfhid
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BthHFSrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHMODEM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bthserv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdfs
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\circlass
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cleanhlp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLFS
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClickToRunSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLVirtualDrive
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CNG
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CompositeBus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\condrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cphs
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dam
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defragsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeviceAssociationService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeviceInstall
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfsc
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DigitalWave.Update.Service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmvsc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dot3svc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Droid4XService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DsmSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DXGKrnl
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ebdrv
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EhStorClass
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EhStorTcgDrv
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epp
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPSTNT01
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ErrDev
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfat
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastfat
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fhsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Filetrace
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FlexNet Licensing Service 64
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flpydisk
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FsDepends
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fvevol
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FxPPM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gagp30kx
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GamesAppIntegrationService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GamesAppService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gencounter
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GPIOClx0101
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdatem
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBatt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBth
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidi2c
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidIr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HiSuiteOuc64.exe
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqwmiex
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HpSAMD
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPSupportSolutionsFrameworkService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HuaweiHiSuiteService64.exe
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwpolicy
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hyperkbd
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HyperVideo
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaLPSSi_GPIO
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaLPSSi_I2C
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorAV
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICCS
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\igfx
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKEEXT
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intaud_WaveExtensible
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Intel® Capability Licensing Service Interface
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Intel® ME Service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelHaxm
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelide
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelpep
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPMIDRV
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNAT
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iScsiPrt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iwdbus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jhi_service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdclass
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdnic
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyIso
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecPkg
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksthunk
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KtmRm
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lfsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdio
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS2
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS3
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SSS
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSM
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MAUSBMIDISPORT
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MaxthonUpdateSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMFarflt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtection
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMWebProtection
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\megasas
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\megasr
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MEIx64
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MIDISPORTAudioDevMon
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mlkumidi
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MMCSS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\monitor
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouclass
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mountmgr
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb20
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsBridge
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msgpiowin32
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mshidkmdf
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mshidumdf
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msisadrv
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTConfig
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mvumis
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MxService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NativeWifiP
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcaSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcbService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcdAutoSetup
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisCap
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisImPlatform
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisVirtualBus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWanLegacy
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndu
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofm
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netvsc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npsvctrig
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsi
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsiproxy
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTI BackupNowEZSvr
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTIDrvr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvraid
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvstor
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nv_agp
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Origin Client Service
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2psvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partmgr
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PcaSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pci
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pciide
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmcia
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdc
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PEAUTH
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfHost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pla
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PMBDeviceInfoProvider
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPAutoReg
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Power
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PrintNotify
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Processor
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Psched
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVE
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVEdrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAgileVpn
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasSstp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdbss
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDR
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RdpVideoMiniport
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdyboost
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReFS
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcEptMapper
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rspndr
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTL8168
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s3cap
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbp2port
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScDeviceEnum
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scfilter
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCMNdisP
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCPolicySvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdstor
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensrSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SerCx
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SerCx2
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serenum
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sermouse
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfloppy
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid2
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid4
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SkypeUpdate
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smphost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SOHDms
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SOHDs
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spaceport
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpbCx
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\speedfan
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpfService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv2
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvnet
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STacSV
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Start Menu Logon Manager
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Steam Client Service
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stexstor
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STHDA
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storflt
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stornvme
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StorSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storvsc
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swprv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemEventsBroker
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipreg
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TechSmith Uploader Service
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\terminpt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\THREADORDER
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbFlt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbGD
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tunnel
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uagp35
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UASPStor
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UBHelper
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UCX01000
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\udfs
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UEFI
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UI0Detect
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uliagpkx
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\umbus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmPass
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbaudio
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbcir
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBHUB3
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbvideo
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBXHCI
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb_rndisx
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxDrv
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxNetAdp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxNetLwf
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxUSB
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxUSBMon
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrvroot
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vds
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VerifierExt
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhdmp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viaide
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmbus
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMBusHID
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicguestinterface
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicheartbeat
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmickvpexchange
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicrdv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicshutdown
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmictimesync
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicvss
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgr
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgrx
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volsnap
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpci
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsmraid
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSTXRAID
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.3.8
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwifibus
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwififlt
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwifimp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3logsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WacomPen
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarpv6
    Start    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WAS
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wcmsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WcsPlugInService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiServiceHost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiSystemHost
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wercplsupport
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WFPLWFS
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WiaRpc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WIMMount
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinUSB
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlidsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAcpi
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMZuneComm
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wof
    Start    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\workfolderssvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpcfltr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPCSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPDBusEnum
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpdUpFltr
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2ifsl
    Start    REG_DWORD    0x4
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSService
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSWNDA3100v2
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport
    Start    REG_DWORD    0x2
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WudfPf
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUDFRd
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUDFSensorLP
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wudfsvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUDFWpdFs
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUDFWpdMtp
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WwanSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZuneNetworkSvc
    Start    REG_DWORD    0x3
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZuneWlanCfgSvc
    Start    REG_DWORD    0x3
 
End of search: 531 match(es) found.
 
 
========= End of Reg: =========
 
 
========= Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations" =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-DxpTaskRingtone/Analytic. The system cannot find the file specified.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64237215 B
Java, Flash, Steam htmlcache => 163530789 B
Windows/system/drivers => 3963196733 B
Edge => 0 B
Chrome => 657173662 B
Firefox => 481921470 B
Opera => 1182056562 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 598324 B
NetworkService => 6894 B
Justan => 502925556 B
Natalie => 0 B
Games => 0 B
Kids => 80111108 B
 
RecycleBin => 712939910 B
EmptyTemp: => 7.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:55:24 ====


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:29 PM

Posted 31 October 2017 - 05:26 PM

There are no rootkits. Are you able to boot in Normal Mode? If you don't, whats the error message?

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
65MBhLLb.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Edited by JSntgRvr, 31 October 2017 - 05:28 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 31 October 2017 - 07:02 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by Justan (Administrator) on Tue 10/31/2017 at 19:50:12.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 21 
 
Failed to delete: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder) 
Failed to delete: C:\Program Files\reviversoft (Folder) 
Successfully deleted: C:\ProgramData\alawarwrapper (Folder) 
Successfully deleted: C:\ProgramData\avg security toolbar (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\reviversoft (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\desktopplay (Folder) 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\Justan\AppData\Local\alawarwrapper (Folder) 
Successfully deleted: C:\Users\Justan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjpdnoojnohifgekbkmnfbiobhcbedka (Folder) 
Successfully deleted: C:\Users\Justan\AppData\Roaming\alawarentertainment (Folder) 
Successfully deleted: C:\Users\Justan\Desktop\free games.lnk (Shortcut) 
Successfully deleted: C:\Users\Justan\Documents\add-in express (Folder) 
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Google Update (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\alawar (Folder) 
Successfully deleted: C:\Program Files (x86)\opensoftwareupdater (Folder) 
Successfully deleted: C:\Users\Justan\desktop\Continue installation .lnk (File) 
 
Deleted the following from C:\Users\Justan\AppData\Roaming\Mozilla\Firefox\Profiles\0l6btq3y.default\prefs.js
user_pref(extensions.VS1ha9XmkK4yZ2Db.scode, (function(){try{if(window.location.href.indexOf(\rjCErTa6rHU9qjaFqdn5qTw4qdk\)>-1){return;}}catch(e){}try{var d=[[\investkin
user_pref(extensions.Ydk4T1WAo6HIo9LC.scode, (function(){try{if(window.location.href.indexOf(\rjCErTa6rHU9qjaFqdn5qTw4qdk\)>-1){return;}}catch(e){}try{var d=[[\investkin
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\vToolbarUpdater40.3.8 (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/31/2017 at 19:56:12.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 31 October 2017 - 07:21 PM

And finally....

 

 

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 01 00:13:48 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 8.1 (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: WtuSystemSupport
 
 
***** [ Folders ] *****
 
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\ProgramData\Application Data\AVG Secure Search
Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted: C:\Users\All Users\AVG Secure Search
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yahoo!\Companion
Deleted: C:\ProgramData\avg web tuneup
Deleted: C:\ProgramData\Application Data\avg web tuneup
Deleted: C:\Program Files\avg web tuneup
Deleted: C:\Program Files (x86)\avg web tuneup
Deleted: C:\Users\All Users\avg web tuneup
Deleted: C:\Users\Justan\AppData\Local\avg web tuneup
Deleted: C:\Users\Kids\AppData\Local\avg web tuneup
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\All Users\Auslogics
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\WebBar
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\Companion
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Tinstalls
Deleted: [Key] - HKCU\Software\Microsoft\Tinstalls
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajaNetEn
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\TrustedStart
Deleted: [Key] - HKCU\Software\TrustedStart
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{79F768ED-0B12-42EF-8257-36751A0ECF3A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82025773-B1B0-497B-B942-0171A2E42C3C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E98F6ADA-0655-45F4-9141-9F7A18C5B46B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Value] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Itibiti.exe
Deleted: [Value] - HKU\S-1-5-21-1878577048-805392268-2015328708-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Optimizer Pro
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConsumerInputUpdate.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C015D269-0F4E-4B52-A91F-721F6DAC9437}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{3601b5c5-5255-4dc9-ad46-2951e225f22e}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{a6da7c31-adfa-4531-a681-ff2c75c340f1}
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{6EB4A4C0-6036-4D2E-B010-20707C4B62E8}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [7241 B] - [2017/11/1 0:10:23]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:29 PM

Posted 01 November 2017 - 09:34 AM

Did you run these applications in normal mode?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 01 November 2017 - 10:10 AM

Yes, I sure did. Sorry, I forgot to mention that.

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:29 PM

Posted 01 November 2017 - 02:15 PM

C:\User\Downloads\[software].exe

The extended attributes are inconsistent.

 


How about instances of this error?

 

  • Highlight the entire content of the quote box below.

Start::  
S2 Start Menu Logon Manager; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [764672 2016-07-25] (ReviverSoft)
C:\Program Files\ReviverSoft
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 01 November 2017 - 02:59 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by Justan (01-11-2017 15:49:45) Run:4
Running from G:\
Loaded Profiles: Justan (Available Profiles: Justan & Natalie & Games & Kids)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S2 Start Menu Logon Manager; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [764672 2016-07-25] (ReviverSoft)
C:\Program Files\ReviverSoft
 
*****************
 
Start Menu Logon Manager => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Start Menu Logon Manager => key removed successfully
Start Menu Logon Manager => service removed successfully
C:\Program Files\ReviverSoft => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 15:49:51 ====


#13 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 01 November 2017 - 03:00 PM

I posted my FRST log above. 

 

So far, I haven't run into that error message anymore. I've been able to run several of my usual programs (including my usual browser) without any error messages or hesitations.

 

 

I'm curious, is Start Menu Reviver the culprit in all this? Or is it a very vulnerable program? I never would have guessed, as I've been using it since 2013 (when I first got this computer, and discovered that Win 8 didn't have the start menu). 


Edited by TheRealJustan, 01 November 2017 - 03:01 PM.


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:29 PM

Posted 01 November 2017 - 04:29 PM

I will contact the developer as it is targeted by JRT. Will get back to you on that.

 

Please run a scan with Malwarebytes Antimalware and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 01 November 2017 - 04:56 PM

Alrighty. I'm running a scan now. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users