
Malware is blocking antivirus programs, windows update, and system restore


8 replies to this topic

#1 bantadant


Posted 14 November 2017 - 06:39 PM

So I managed to get my PC infected by a virus/malware, and I'm having a lot of trouble removing it. I'm running Windows 10 (build 14393), and the malware has blocked the majority of anti-virus programs from opening at all, including Avast, Panda Antivirus, and ComboFix. HitmanPro and Spybot found and removed some things, but not everything. Additionally, it won't allow System Restore or Windows Update to open at all (nothing happens when I try to open them). The "Startup" tab of Task Manager lists the following suspicious entries: Bedding (5 times), Spawning, and Program. I've disabled all of them manually and have been able to get Windows Defender to run. After running a scan with it, it found some items and removed them, but the suspicious items still appear in the Startup tab, and I still cannot open System Restore or many antivirus programs.

I've also tried the following troubleshooting steps:

1. The sfc /scannow command - says it found corrupt files, but was unable to fix some.

2. The dism.exe /restorehealth command - runs completely, then gives an error message "the source files could not be found."

3. Restoring Windows 10 from a Windows ISO - installation completed and then gives a "the installation has failed" error

4. Restoring Windows 10 from a bootable USB drive - gives an error saying the "drive is locked." I tried using the various bootrec commands to fix this, but /fixmbr and /fixboot returned errors and /rebuildbcd looks like it completed successfully, but didn't seem to solve the issues at all.

I can use my computer for most other functions, but I'm not too comfortable using it until I can be sure that I've cleaned everything out.

I'm open to suggestions at this point, and would prefer to not have to format the entire hard drive if I don't have to, but at this point I'm beginning to face the fact that I might have to.

Any help at all would be appreciated.

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Admin (administrator) on NEWBOX (14-11-2017 18:25:48)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Eddo & Admin & Ali Lee & DefaultAppPool (Available Profiles: Eddo & Admin & Ali Lee & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\sndmtbisvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [deciphered] => "C:\Program Files (x86)\Lik\bedding.exe"
HKLM\...\Run: [deciphereddeciphered] => "C:\Program Files (x86)\Biome\bedding.exe"
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-08] (DivX, LLC)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-08-11] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-18] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-08-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sublimate] => "C:\Program Files (x86)\Lik\bedding.exe"
HKLM-x32\...\Run: [sublimatesublimate] => "C:\Program Files (x86)\Biome\bedding.exe"
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [ConnectionCenter] => C:\Users\Eddo\AppData\Local\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [Google Update] => C:\Users\Eddo\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [Spotify Web Helper] => C:\Users\Eddo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-09-20] (Spotify Ltd)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [MusicManager] => C:\Users\Eddo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [hola] => C:\Users\Eddo\AppData\Local\Hola\local\app\hola.exe [2032256 2015-09-11] (Hola Networks Ltd.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [f.lux] => C:\Users\Eddo\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [Spotify] => C:\Users\Eddo\AppData\Roaming\Spotify\Spotify.exe [6987376 2017-09-20] (Spotify Ltd)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-08-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2397448 2014-08-11] (CyberLink Corp.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [edifying] => "C:\Program Files (x86)\Lik\bedding.exe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [spawning] => "C:\Program Files (x86)\tale\spawning.exe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3272754585-3740627633-2259465754-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{03a1cdfd-ec20-4cfb-8524-88bdf8f9b549}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{a8afc462-1796-4c3c-920e-c893bd6cc6d1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a9cca449-382a-4abf-bd01-9cb0a2e5fff0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c2309898-9089-4e28-bca1-a40e9ba078f9}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3272754585-3740627633-2259465754-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D07B22BD-C41B-4319-9D53-D698BCE9CFB8}&mid=340025ac192847d2a1e3dd1de3fc6123-686c2d0449b7781943b819dec29e820457781fb9&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-11 09:56:35&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1002 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1003 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-07] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-11-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\52ilfs6f.default [2017-11-14]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\52ilfs6f.default ->
FF Homepage: Mozilla\Firefox\Profiles\52ilfs6f.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\52ilfs6f.default -> type", 0
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\52ilfs6f.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-10-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-08-08] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3272754585-3740627633-2259465754-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Eddo\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3272754585-3740627633-2259465754-1001: @hola.org/FlashPlayer -> C:\Users\Eddo\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-12-19] ()
FF Plugin HKU\S-1-5-21-3272754585-3740627633-2259465754-1001: @hola.org/vlc -> C:\Users\Eddo\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-12-19] (Hola)
FF Plugin HKU\S-1-5-21-3272754585-3740627633-2259465754-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Eddo\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-3272754585-3740627633-2259465754-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Eddo\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-12]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-12]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-12]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2013-08-19] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Creative Technology Ltd.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] () [File not signed]
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [33792 2017-02-13] (Creative Technology Ltd)
S3 CXCVBS; C:\WINDOWS\system32\drivers\cxCVBS.sys [252544 2015-11-26] (Conexant Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-08-23] (Disc Soft Ltd)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-11-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
S3 MFE_RR; C:\Users\Admin\AppData\Local\Temp\mfe_rr.sys [24120 2017-11-13] (McAfee, Inc.) <==== ATTENTION
R1 MpKslcc42f25b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73F3804E-7ECD-48A3-A90F-DBEAD494AC96}\MpKslcc42f25b.sys [58120 2017-11-14] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-10-29] ()
S1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-10-29] ()
S1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700680 2014-10-29] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-13] (Zemana Ltd.)
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
R3 udiskMgr; system32\drivers\xbehko.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-14 18:25 - 2017-11-14 18:25 - 002392576 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-11-14 18:25 - 2017-11-14 18:25 - 000034967 _____ C:\Users\Admin\Downloads\FRST.txt
2017-11-14 18:23 - 2017-11-14 18:23 - 000000000 ____D C:\Users\Admin\SecurityScans
2017-11-14 18:22 - 2017-11-14 18:22 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2017-11-14 18:22 - 2017-11-14 18:22 - 000001153 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2017-11-14 18:22 - 2017-11-14 18:22 - 000000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2017-11-14 18:21 - 2017-11-14 18:21 - 001818624 _____ C:\Users\Admin\Downloads\MBSASetup-x64-EN.msi
2017-11-14 18:07 - 2017-11-14 18:07 - 001048576 _____ C:\deftlbase.sdb
2017-11-14 18:07 - 2017-11-14 18:07 - 000016384 _____ C:\deftlbase.jfm
2017-11-14 17:59 - 2017-11-14 17:59 - 000000475 _____ C:\reset.cmd
2017-11-14 17:58 - 2017-11-14 17:58 - 000379392 _____ C:\Users\Admin\Downloads\subinacl.msi
2017-11-14 17:53 - 2017-11-14 17:53 - 000002952 _____ C:\WINDOWS\system32\exportedreg.reg
2017-11-14 17:51 - 2017-11-14 17:52 - 000156663 _____ C:\Users\Admin\Downloads\Regdelnull.zip
2017-11-14 17:03 - 2017-11-14 16:59 - 085420032 _____ C:\Users\Admin\Desktop\en_Windows_10_1607_build_14393_x64_dvd.iso
2017-11-14 16:20 - 2017-11-14 18:13 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-14 16:16 - 2017-11-14 16:16 - 000140624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iakhknru.sys
2017-11-14 14:29 - 2017-11-14 14:29 - 000000000 ____D C:\EFI
2017-11-13 22:50 - 2017-11-13 22:50 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw514669efde8bcf1a.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6ddf18a70edd122f.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3de362ad6bb95713.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdbfa87a2b3d71120.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw1413cd5effda0c50.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9b30b7b378bb06e7.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswa8e6b5ebf6de968f.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9f1669824a0dd934.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1776d3ed1688aa36.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe7cd4eb913b36fd5.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5dba4157fb8464e2.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-13 22:50 - 2017-11-13 22:50 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9aff3e91973400b5.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw151e6fc1dafce570.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2017-11-13 22:49 - 2017-11-13 22:50 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-13 22:49 - 2017-11-13 22:49 - 007176464 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
2017-11-13 22:49 - 2017-11-13 22:49 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-13 21:33 - 2017-11-13 21:34 - 000000000 _____ C:\Recovery.txt
2017-11-13 19:09 - 2017-11-13 19:09 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-11-13 19:07 - 2017-11-14 16:22 - 000000000 ____D C:\Program Files (x86)\Avira
2017-11-13 18:59 - 2017-11-13 18:59 - 000000000 ___HD C:\$Windows.~WS
2017-11-13 18:58 - 2017-11-13 22:53 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-13 18:58 - 2017-11-13 18:58 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\Documents\hp.applications.package.appdata
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2017-11-13 18:54 - 2017-11-13 18:54 - 000002952 _____ C:\WINDOWS\system32\mmc.reg
2017-11-13 18:52 - 2017-11-13 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-11-13 18:52 - 2017-11-13 18:52 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-11-13 18:50 - 2017-11-13 18:50 - 000000388 _____ C:\Users\Admin\Downloads\List.txt
2017-11-13 18:50 - 2017-11-13 18:50 - 000000379 _____ C:\Users\Admin\Downloads\gpedit-enabler.bat
2017-11-13 18:49 - 2017-11-13 18:49 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-13 18:48 - 2017-11-14 16:16 - 123469824 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-13 18:44 - 2017-11-13 18:48 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-11-13 18:44 - 2017-11-13 18:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-11-13 18:40 - 2017-11-13 18:43 - 000000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-11-13 18:40 - 2017-11-13 18:40 - 000000000 ____D C:\Windows10Upgrade
2017-11-13 18:30 - 2017-11-13 18:30 - 000000000 ____D C:\Users\Eddo\AppData\Local\rarctbd
2017-11-13 17:38 - 2017-11-13 17:38 - 005908597 _____ C:\Users\Admin\Downloads\PCHunter_free.zip
2017-11-13 17:37 - 2017-11-13 17:37 - 001020640 _____ C:\Users\Admin\Downloads\antirootkit.exe
2017-11-13 17:37 - 2017-11-13 17:37 - 000784152 _____ (McAfee, Inc.) C:\Users\Admin\Downloads\rootkitremover.exe
2017-11-13 17:37 - 2017-11-13 17:37 - 000000000 ____D C:\Users\Admin\Pavark
2017-11-13 17:30 - 2017-11-13 17:30 - 010211512 _____ (Simply Super Software ) C:\Users\Admin\Downloads\trjsetup695.exe
2017-11-13 17:30 - 2017-11-13 17:30 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-11-13 17:27 - 2017-11-13 17:27 - 000313366 _____ C:\Users\Admin\Downloads\WindowsUpdate.diagcab
2017-11-13 16:48 - 2017-11-14 17:19 - 000061831 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-13 16:48 - 2017-11-13 16:48 - 000002900 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-13 16:47 - 2017-11-13 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-13 16:47 - 2017-11-13 16:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-11-13 16:46 - 2017-11-14 18:25 - 000000000 ____D C:\FRST
2017-11-13 16:44 - 2017-11-13 16:44 - 000005690 _____ C:\WINDOWS\system32\.crusader
2017-11-13 16:41 - 2017-11-13 16:41 - 000000000 ____D C:\Windows.old
2017-11-13 16:40 - 2017-11-13 16:45 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-11-13 16:39 - 2017-11-13 16:44 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-13 16:38 - 2017-11-13 16:39 - 011584088 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2017-11-13 16:35 - 2017-11-13 16:35 - 000388608 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HijackThis.exe
2017-11-13 16:32 - 2017-11-13 16:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\55546216.sys
2017-11-13 16:30 - 2017-11-13 16:30 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5F743713.sys
2017-11-13 16:28 - 2017-11-13 16:31 - 000000335 _____ C:\local.conf
2017-11-13 16:27 - 2017-11-13 16:32 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-13 16:27 - 2017-11-13 16:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-13 16:27 - 2017-11-13 16:27 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\45271761.sys
2017-11-13 16:26 - 2017-11-13 16:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.10.3.1001.exe
2017-11-13 15:15 - 2017-11-13 19:10 - 000000000 ____D C:\ESD
2017-11-13 05:04 - 2017-11-13 05:04 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-11-13 05:04 - 2017-11-13 05:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-12 21:56 - 2017-11-13 17:20 - 000000000 ____D C:\WINDOWS\pss
2017-11-12 21:56 - 2017-11-13 17:19 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-12 21:50 - 2017-11-13 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2017-11-12 21:34 - 2017-11-12 21:35 - 110507280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\msert.exe
2017-11-12 21:32 - 2017-11-12 21:32 - 007787776 _____ C:\Users\Admin\Downloads\spybotsd_includes.exe
2017-11-12 21:30 - 2017-11-13 05:04 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-12 21:11 - 2017-11-12 21:11 - 000000000 ____D C:\WINDOWS\XSxS
2017-11-12 20:47 - 2017-11-12 20:47 - 000000000 ____D C:\SUPERDelete
2017-11-12 20:31 - 2017-11-12 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\spcmonz
2017-11-12 20:30 - 2017-11-12 20:30 - 000000000 ____D C:\Users\Admin\AppData\Local\UNP
2017-11-12 20:27 - 2017-11-14 18:23 - 000003292 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{714003FF-337E-401A-9E17-6A2001B78F13}
2017-11-12 20:24 - 2017-11-12 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 20:22 - 2017-11-12 20:22 - 000003236 _____ C:\WINDOWS\System32\Tasks\{9EC98E1E-D577-4063-A101-7F2CD421FDBF}
2017-11-12 20:20 - 2017-11-12 20:20 - 000000004 _____ C:\ProgramData\rwi.aead
2017-11-12 20:15 - 2017-11-14 16:19 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sndmtbisvc.exe
2017-11-12 20:15 - 2017-11-13 22:47 - 000000000 ____D C:\ProgramData\daeaService
2017-11-12 20:15 - 2017-11-13 22:45 - 000000000 ____D C:\WINDOWS\newbox
2017-11-12 20:15 - 2017-11-13 16:44 - 000000000 ____D C:\Users\Eddo\AppData\Local\atdbixh
2017-11-12 20:15 - 2017-11-13 05:01 - 000000000 ____D C:\Users\Admin\AppData\Local\gxvr
2017-11-12 20:15 - 2017-11-12 20:15 - 000187904 _____ C:\WINDOWS\rsrcs.dll
2017-11-12 20:15 - 2017-11-12 20:15 - 000000020 _____ C:\WINDOWS\b30569534
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\WINDOWS\SysWOW64\updzbmr
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\WINDOWS\system32\updzbmr
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\Users\Admin\AppData\Roaming\et
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\Program Files (x86)\illustration
2017-11-12 09:26 - 2017-11-12 09:26 - 000000000 ____D C:\Users\Eddo\AppData\LocalLow\BabaYaga
2017-11-12 08:13 - 2017-11-12 08:13 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\RenPy
2017-11-09 20:19 - 2017-11-09 20:19 - 000051645 _____ C:\WINDOWS\uninstaller.dat
2017-11-09 20:19 - 2017-11-09 20:19 - 000014040 _____ C:\WINDOWS\system32\Drivers\47aea898991419bbf3677c6a085c459b.sys
2017-11-04 15:40 - 2017-11-04 15:40 - 000000000 ____D C:\Users\Public\Documents\uPlay
2017-10-24 18:16 - 2017-10-24 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-24 16:51 - 2017-10-24 16:51 - 000000789 _____ C:\Users\Public\Desktop\A Hat in Time.lnk
2017-10-21 17:48 - 2017-10-21 17:48 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\Camera Bits, Inc
2017-10-20 18:27 - 2017-10-20 18:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\LucasArts
2017-10-20 18:27 - 2017-10-20 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-18 12:10 - 2017-10-18 12:10 - 000002195 _____ C:\Users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-10-17 16:58 - 2017-10-17 16:58 - 000000000 ____D C:\Users\Eddo\Documents\Garmin
2017-10-17 16:57 - 2017-10-17 17:21 - 000000000 ____D C:\ProgramData\Garmin
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Eddo\AppData\Local\Garmin_Ltd._or_its_subsid
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Garmin
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Admin\AppData\Local\Garmin_Ltd._or_its_subsid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-14 18:23 - 2016-08-11 02:47 - 000000000 ____D C:\Users\Admin
2017-11-14 18:18 - 2016-04-02 13:15 - 000000000 ____D C:\Users\Admin\AppData\Local\ClassicShell
2017-11-14 18:13 - 2016-08-11 06:45 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-14 18:13 - 2016-08-11 02:54 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-11-14 18:13 - 2016-08-11 02:54 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-11-14 17:32 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 17:20 - 2016-08-11 02:47 - 004586134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 17:11 - 2016-08-11 02:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 17:04 - 2014-08-23 11:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-11-14 16:30 - 2017-04-14 18:55 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-11-14 16:22 - 2017-05-26 15:58 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-14 16:22 - 2013-08-24 16:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-14 16:19 - 2016-08-11 02:46 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-14 16:16 - 2016-07-16 01:04 - 023855104 _____ C:\WINDOWS\system32\config\HARDWARE
2017-11-14 16:15 - 2016-07-16 01:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 15:28 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Registration
2017-11-14 15:26 - 2016-08-11 02:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 14:30 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 14:29 - 2016-07-16 06:47 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-13 22:53 - 2017-04-14 18:54 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-13 22:53 - 2014-07-15 10:39 - 000397324 _____ C:\WINDOWS\Minidump\111317-7656-01.dmp
2017-11-13 19:24 - 2014-12-20 13:49 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2017-11-13 18:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-13 18:52 - 2016-08-11 06:42 - 000000000 ____D C:\inetpub
2017-11-13 18:52 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-11-13 18:52 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-13 18:49 - 2016-02-03 17:51 - 000000000 ____D C:\Users\Eddo\AppData\Local\ClassicShell
2017-11-13 18:45 - 2017-04-15 03:44 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F0CE2ED7-6686-4167-BCF5-1757C04DDD0F}
2017-11-13 18:45 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\security
2017-11-13 18:45 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-13 18:45 - 2016-07-16 06:44 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2017-11-13 18:45 - 2016-07-16 06:43 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000147439 _____ C:\WINDOWS\system32\gpedit.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000120458 _____ C:\WINDOWS\system32\secpol.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2017-11-13 18:45 - 2016-07-16 06:43 - 000043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000043566 _____ C:\WINDOWS\system32\rsop.msc
2017-11-13 18:44 - 2014-08-18 15:46 - 000000000 ____D C:\Users\Eddo\AppData\Local\Adobe
2017-11-13 18:16 - 2017-04-27 17:10 - 000003678 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001UA
2017-11-13 18:16 - 2017-04-27 17:10 - 000003410 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001Core
2017-11-13 17:31 - 2014-03-26 14:27 - 000000000 ____D C:\ProgramData\Temp
2017-11-13 17:28 - 2015-06-01 17:52 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2017-11-13 16:32 - 2014-07-15 10:39 - 000403500 _____ C:\WINDOWS\Minidump\111317-7015-01.dmp
2017-11-13 16:30 - 2014-08-18 15:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 16:27 - 2014-07-15 10:39 - 000396204 _____ C:\WINDOWS\Minidump\111317-6828-01.dmp
2017-11-13 16:11 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-12 22:10 - 2017-07-29 11:51 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-11-12 21:56 - 2016-09-02 21:52 - 000000000 ____D C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
2017-11-12 21:51 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-12 21:51 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-12 21:23 - 2014-07-15 10:39 - 000398900 _____ C:\WINDOWS\Minidump\111217-7515-01.dmp
2017-11-12 21:13 - 2017-09-06 17:38 - 000000000 ____D C:\Program Files\KMSpico
2017-11-12 20:59 - 2014-03-26 14:23 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-11-12 20:58 - 2016-08-11 18:16 - 000544424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-12 20:43 - 2017-10-11 09:37 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-12 20:43 - 2014-08-18 16:49 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-12 20:37 - 2014-08-18 15:47 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-12 20:30 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-12 20:30 - 2014-08-18 15:45 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 20:30 - 2014-08-18 15:44 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-12 20:30 - 2014-08-18 15:44 - 000001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-12 20:29 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\Comms
2017-11-12 20:29 - 2014-08-18 15:45 - 000002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-12 20:27 - 2015-12-27 22:58 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft Toolkit
2017-11-12 20:24 - 2014-08-18 15:52 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-12 20:21 - 2014-12-25 15:31 - 000000000 ____D C:\Program Files (x86)\Logitech
2017-11-12 20:21 - 2014-12-25 15:25 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-11-12 20:20 - 2017-07-29 11:51 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3272754585-3740627633-2259465754-1002
2017-11-12 20:20 - 2017-07-29 11:51 - 000000000 ____D C:\Users\Admin\AppData\Local\NVIDIA Corporation
2017-11-12 20:20 - 2015-09-19 19:28 - 000002407 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-12 20:20 - 2015-09-19 19:28 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-11-12 20:19 - 2016-08-11 02:47 - 000000000 ____D C:\Users\Eddo
2017-11-12 20:19 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-12 20:19 - 2014-08-18 14:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-12 19:13 - 2014-09-08 19:33 - 000001700 _____ C:\Users\Eddo\Info.txt
2017-11-12 06:59 - 2017-06-30 13:34 - 000000000 ____D C:\Users\Eddo\AppData\Local\CrashDumps
2017-11-08 17:47 - 2014-08-18 15:24 - 000000000 ____D C:\Users\Eddo\AppData\Local\Packages
2017-11-07 21:33 - 2017-04-06 20:19 - 000000638 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job
2017-11-07 21:33 - 2017-04-06 20:19 - 000000542 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job
2017-11-07 06:06 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-07 06:05 - 2017-09-06 17:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-04 21:26 - 2017-07-08 20:05 - 000000000 ____D C:\Users\Eddo\AppData\Local\GoToMeeting
2017-11-04 21:23 - 2017-04-21 22:57 - 000003788 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-04 21:23 - 2017-04-21 22:57 - 000003692 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-04 19:47 - 2016-07-16 06:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 19:47 - 2016-07-16 06:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 15:39 - 2014-12-31 21:43 - 000000000 ____D C:\Users\Eddo\Documents\My Games
2017-11-03 09:38 - 2017-09-29 09:50 - 000000000 ____D C:\Program Files\rempl
2017-11-02 22:56 - 2017-08-06 10:51 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-02 22:56 - 2016-08-11 02:56 - 000002404 _____ C:\Users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 22:56 - 2015-07-30 04:56 - 000000000 ___RD C:\Users\Eddo\OneDrive
2017-10-30 16:20 - 2016-11-15 19:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-30 16:20 - 2014-08-18 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-26 01:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 01:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 08:29 - 2014-08-23 09:59 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\Skype
2017-10-24 18:16 - 2016-02-20 09:17 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-10-24 18:16 - 2014-08-18 15:48 - 000000000 ____D C:\ProgramData\Skype
2017-10-24 16:54 - 2017-04-15 14:13 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-10-21 20:25 - 2017-02-12 13:45 - 000000000 ____D C:\Users\Eddo\Documents\Square Enix
2017-10-21 17:59 - 2014-03-26 14:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-18 18:16 - 2014-08-18 15:50 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-10-17 16:57 - 2016-02-08 16:17 - 000000000 ____D C:\Program Files\DIFX

==================== Files in the root of some directories =======

2015-09-19 18:12 - 2015-09-19 18:12 - 000000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2017-02-23 19:30 - 2017-02-23 19:30 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-11-12 20:20 - 2017-11-12 20:20 - 000000004 _____ () C:\ProgramData\rwi.aead

Files to move or delete:
====================
C:\Users\Eddo\caffeine.exe


Some files in TEMP:
====================
2017-08-21 20:54 - 2017-08-21 20:54 - 052961424 _____ (WeMod) C:\Users\Eddo\AppData\Local\Temp\Infinity-Setup.exe
2017-10-24 18:15 - 2017-10-24 18:15 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Eddo\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-05 08:17

==================== End of FRST.txt ============================

Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Admin (14-11-2017 18:26:12)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2016-08-11 07:55:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3272754585-3740627633-2259465754-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3272754585-3740627633-2259465754-500 - Administrator - Disabled)
Ali Lee (S-1-5-21-3272754585-3740627633-2259465754-1003 - Limited - Enabled) => C:\Users\Ali Lee
DefaultAccount (S-1-5-21-3272754585-3740627633-2259465754-503 - Limited - Disabled)
Eddo (S-1-5-21-3272754585-3740627633-2259465754-1001 - Limited - Enabled) => C:\Users\Eddo
Guest (S-1-5-21-3272754585-3740627633-2259465754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3272754585-3740627633-2259465754-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Hat in Time (HKLM-x32\...\A Hat in Time_is1) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.12 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.63 - NVIDIA Corporation) Hidden
AOMEI Partition Assistant Pro Edition 5.8 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix online plug-in - web (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Of Monkey Island (HKLM-x32\...\bgbennyboyCMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1827.0 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4502.0 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.83 - DivX, LLC)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EaseUS Data Recovery Wizard 9.0 (HKLM\...\EaseUS Data Recovery Wizard 9.0_is1) (Version:  - EaseUS)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
EzGrabber version 3.0.1 (HKLM-x32\...\{59D21F0E-EA54-4438-A5B7-7EAD262FD873}_is1) (Version: 3.0.1 - Geniatech)
f.lux (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Flux) (Version:  - f.lux Software LLC)
FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\{E2FA067B-11BC-318B-B325-31127E6243F5}) (Version: 61.0.3163.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.16.0.7881 (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\GoToMeeting) (Version: 8.16.0.7881 - LogMeIn, Inc.)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
H&R Block Connecticut 2014 (HKLM-x32\...\{D429DFEE-49DF-4DFD-BE88-7B9D7A147632}) (Version: 1.14.3201 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block New York 2014 (HKLM-x32\...\{28BD4A92-3071-4FF3-8014-05CE6738780D}) (Version: 1.14.9101 - HRB Technology, LLC.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hola™ 1.9.567 - Better Internet (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Hola) (Version: 1.9.567 - Hola Networks Ltd.) <==== ATTENTION
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
IPCWebComponents 3.0.0.2 (HKLM-x32\...\{A8F5C6B2-203C-4600-89DC-131A4E238A0D}_is1) (Version: 3.0.0.2 - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.9.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kodi (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Legacy of Kain (HKLM-x32\...\KainUninstallKey) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Monkey Island 2 - Special Edition (HKLM-x32\...\1425039730_is1) (Version: 2.0.0.10 - GOG.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
Mp3tag v2.80 (HKLM-x32\...\Mp3tag) (Version: v2.80 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.07 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{293AA48A-DFC2-4F7D-9ED7-1A0F25CB5368}) (Version: 8.04.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Pandora (HKLM-x32\...\{CF73D1C4-4D78-890A-BF35-E275B96E678E}) (Version: 2.0.10 - Pandora Media, Inc) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
Plex Media Server (HKLM-x32\...\{8DAEC081-781E-42B6-AF13-366D8CEF94A5}) (Version: 0.9.914 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Realterm 2.0.0.70_SignedWrapper (HKLM-x32\...\Realterm) (Version: 2.0.0.70_SignedWrapper - Broadcast Equipment)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
ScummVM (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3815 - SoftMaker Software GmbH)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Spotify (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
techTab_Assistant_v2.5.55.08-beta (HKLM-x32\...\{87B656A6-BB38-49DD-9188-00CB69CE5D82}_is1) (Version:  - Kids Station company)
TigerGame XBOX+PS2+GC Game Controller Adapter (HKLM-x32\...\TigerGame XBOX+PS2+GC Game Controller Adapter) (Version:  - TigerGame.,Ltd)
TigerGame XBOX+PS2+GC Game Controller Adapter 2.0.1.0 (HKLM-x32\...\TigerGame XBOX+PS2+GC Game Controller Adapter_is1) (Version:  - )
Tony Hawk's Pro Skater 2 (HKLM-x32\...\Activision_THPS2UninstallKey) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
USB GamePad (HKLM-x32\...\{B8CDAD75-96FB-48A5-A2AE-6515DDEB7BFA}) (Version: 3.85 - My Company Name)
USB2.0 Audio Capture (HKLM\...\VID_1F4D&PID_0102&MI_00) (Version: 1.0.0.0 - Conexant Systems)
USB2.0 Video Capture (HKLM\...\VID_1F4D&PID_0102&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3272754585-3740627633-2259465754-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt9] -> {4E20B104-5D9F-4E01-A01E-100F08E345C9} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt9.dll [2014-08-11] (Cyberlink)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt9] -> {4E20B104-5D9F-4E01-A01E-100F08E345C9} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt9.dll [2014-08-11] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D03E21-A7DE-4A20-A9B8-2AF8FD90CAEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {064CE729-319E-40D0-952C-4306D5554533} - \AutoKMS -> No File <==== ATTENTION
Task: {06864373-B6BF-400C-9375-A59369DBF66B} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1003 -> No File <==== ATTENTION
Task: {07C63F30-CC61-4DA8-89B4-A32314D4DC2B} - System32\Tasks\AdobeAAMUpdater-1.0-NewBox-Eddo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0BC6617A-159D-437A-963E-E6D561D5C996} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0E2B8FFB-7E77-49F1-B60F-1A648A255777} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0F28E823-FE89-465F-BB48-C1A380603654} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-11-03] ()
Task: {10D61DAE-0CF7-4C20-97C4-7DB8207F8BD0} - System32\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001 => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupload.exe [2017-11-04] (LogMeIn, Inc.)
Task: {136113AC-4BA9-47D6-929D-B5BAF03B17E0} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {18F12C5E-E31C-4EB8-867B-054FA16A8366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-12] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D51DE77-DBDA-4768-82FA-892C02CA8F25} - System32\Tasks\{9EC98E1E-D577-4063-A101-7F2CD421FDBF} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\d1adb9266e39469034e2f89762f1b8f3.exe
Task: {3E204E7D-2182-4C66-A53F-5C5869DDF455} - System32\Tasks\Optimize Desktop Icon Cache => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\agent.ini" <==== ATTENTION
Task: {4C1C88A2-DDA6-443D-B9ED-1855F5F1AC5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
Task: {51E595E5-E67A-4229-9067-4923488A4019} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-18] (NVIDIA Corporation)
Task: {592F7247-C910-40F8-8682-A55BDD0DED3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {5F796300-5F4C-46EE-9F49-65A0E627725C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {660EC41E-3854-4516-AE33-DF9D0A646C0E} - System32\Tasks\Flexera® Software Manager => C:\Program Files (x86)\Common Files\InstallShield\Update\Agent.exe [2017-04-08] (Flexera Software LLC)
Task: {7C1EE98A-824C-4E88-A1CB-9A1D9AE3A36C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {7F30C706-C153-464F-BC3A-552B920C3964} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1001 -> No File <==== ATTENTION
Task: {7FA477BA-A7E9-491A-939E-62E43D2679E5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {81497F1E-196D-435F-9D5C-4B9C75627BCA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {877D634A-1E27-483C-9296-CF4E7A7581DC} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {87C3D208-D26C-4C85-B113-BD0256204B87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {92AB854F-31A0-4985-8B1E-615BF28D6C35} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {94510185-753C-4645-BA79-4286DD81D90A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9716069D-70E7-4E73-BCCC-59BE2C54B132} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9D1DDACC-0270-45CC-A930-7214A72AE3ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9EE53C14-9B4A-4075-B784-0A598F7B7284} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A926C06F-073B-40E5-9A48-051918FA19B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AAE18D11-5CB3-46DA-82B9-F8EB31B04B07} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {B3574F1A-D1B6-414F-A8E9-AC48A324F57D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {BB521FCE-9382-4145-BA3C-DDF43FB4F99E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001 => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupdate.exe [2017-11-04] (LogMeIn, Inc.)
Task: {BFCA3808-85D2-450C-A23B-52F9386A721F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C039DBB7-AB4A-4AB3-A28E-3C9F1CEB6ECD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {C2042E4A-3697-4D83-A22C-72A8309E581E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {D0D65A77-E9FF-4AB2-8FB0-1EFE509B7E02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001UA => C:\Users\Eddo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D94F0EB5-2E3F-4294-8E4B-F432D668CE2F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-500 -> No File <==== ATTENTION
Task: {DDF8CA6E-3D79-4551-8D2C-4E114D9A936A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-18] (NVIDIA Corporation)
Task: {DE4BB2C2-C96E-4EAF-859B-3193F3DF11D5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-18] (NVIDIA Corporation)
Task: {DEC5719F-B261-487F-AE42-88C81592C9FC} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1002 -> No File <==== ATTENTION
Task: {E221193D-DB99-42F7-879D-E11DAC1E8346} - \DivXUpdate -> No File <==== ATTENTION
Task: {E3A65D34-D604-4AD4-A110-B0D56CBD34AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E44025DF-C969-4AE9-B2EE-E95912932F38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {E841D9AD-62AA-4E20-83AE-F6B803B55484} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001Core => C:\Users\Eddo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {ED49DDF9-FF55-4EFB-B909-17F6A371A474} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE5E41DB-91D9-436A-9A07-A548EC040C98} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {F2BE4F06-759C-43C6-B89F-5BD10AF785C8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F3B2CA4C-78B2-40AB-B487-6A2F6A991A70} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-11-03] ()
Task: {F455D802-12AB-49D7-A462-BC26F6A7D545} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {F47C6EA2-66EE-498F-86AA-396C72322CCA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {F6483FEC-E6AE-4830-B236-629613071195} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F87EA494-2CC2-42DE-BD43-E103EA7D6F76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {F978E5B7-EE1F-4365-BA3E-8C1F0FD3DB34} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-18] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 20:36 - 2017-09-07 01:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-26 15:58 - 2016-12-29 07:44 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-18 15:47 - 2013-10-23 13:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-26 14:30 - 2013-08-19 19:07 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-05-28 20:45 - 2017-05-18 02:35 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-26 01:52 - 2017-09-26 01:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-09-06 17:12 - 2017-11-07 06:05 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-15 16:46 - 2016-09-06 23:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 12:45 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 12:46 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 12:46 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 12:46 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 09:35 - 2017-09-17 21:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-11 09:35 - 2017-09-17 21:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 09:35 - 2017-09-17 21:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-18 15:40 - 2016-07-18 15:10 - 000075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-03-26 14:30 - 2013-08-19 19:07 - 000037352 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2017-05-28 20:45 - 2017-05-18 02:35 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-10-18 10:18 - 2013-05-19 22:01 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 10:02 - 2013-05-20 10:02 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll
2014-03-26 14:25 - 2013-08-12 04:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\hola.org -> hxxp://hola.org
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-11-13 17:23 - 000000841 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eddo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
HKU\S-1-5-21-3272754585-3740627633-2259465754-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ali Lee\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "deciphereddeciphered"
HKLM\...\StartupApproved\Run: => "deciphered"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "sublimatesublimate"
HKLM\...\StartupApproved\Run32: => "sublimate"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "ConnectionCenter"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "hola"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\StartupFolder: => "mcreynolds.lnk"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Power2GoExpress9"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "edifying"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Tweakerbit Antimalware"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "spawning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDF89190-CA68-41A1-8318-8F943FEC0E04}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A7C780A4-3670-47B2-A19E-EE089E1C7504}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{8D0C5515-C04E-4BE8-B0A1-E9D400C87ABF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{A3D67AB2-BA67-4A56-8495-266285BB99A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{81C3FBBD-0B6D-4F89-B08C-27235DAE9038}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{BCCA3EA7-F0B4-43F5-B80D-C4F49B08FBA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Volgarr\Volgarr.exe
FirewallRules: [{1324F2A2-7331-4191-B818-A7CFB404F45F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Volgarr\Volgarr.exe
FirewallRules: [{380E1544-7737-4E8C-93D2-2E6D05D00214}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA2733CE-7AA7-4ADD-862C-C05EB02197E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4BB72FDF-AAC8-42E8-8BFC-49DF97019DED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD7A8C5-7821-4DA4-B931-B73562DF3FE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2753BF5C-DD40-4638-B7E4-2C3B394DBC20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{0B26B9EA-D068-482B-B3F9-95A58F72CD87}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{F2A77743-0BC1-4F21-B4D8-E0B5E6D86926}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD3057E7-795B-4D29-96C4-8EF81CC9C04F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9E56579E-33E5-46CC-B37C-763CA8C98220}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AE585F7-1783-4E67-8F2C-1935920FE5B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F5BDCDD8-9F7B-4F49-B1B4-63D7F3215C01}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{F619D47C-4AFE-4EAD-999E-75B541E8D27A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{D958C619-BB01-488A-8817-E0757EB82879}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C641A514-C086-4CF1-9475-E5615FD9E023}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{759AA4CB-51EE-402C-BD2A-07346EC4D7E1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{01A89B95-2BAC-4F90-A58B-CBD97F983B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F58C62EE-B2B8-4375-8172-AB40F707D819}] => (Allow) LPort=5556
FirewallRules: [{8B22C45C-9F09-42E3-832E-298D05368DEF}] => (Allow) LPort=5558
FirewallRules: [{9EC92BD9-F4DA-4F18-9C97-020AE8C7CE0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14C5E660-F729-45F4-A6AB-AF5FAF0185D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CD696F9-181A-4421-A25A-6C24F2C279BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DRAGON A Game About a Dragon\AGameAboutADragon.exe
FirewallRules: [{FA7407B0-F3B9-4118-8BE3-5F6D65962A9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DRAGON A Game About a Dragon\AGameAboutADragon.exe
FirewallRules: [{0958A7BC-0087-428A-9460-0F75E6E29446}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [{722F0492-2382-4339-8FBA-8310550AD664}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [TCP Query User{CCCA4FC1-54E5-4872-8474-03FDB05556B7}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [UDP Query User{BFAA2595-F440-4773-9D3A-0D79527BD7F4}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{554623E3-87F1-4E22-81A7-AAF5436E6187}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [UDP Query User{8A8C92D4-741E-4D20-B126-A1A1CF770F13}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [TCP Query User{B43F88AB-23BC-4165-9DA8-15C8024ED388}C:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Block) C:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [UDP Query User{4B8724CB-9112-4DC0-A82A-77915A62579D}C:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Block) C:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [TCP Query User{CBB76B22-7F97-43E2-B9A5-B0AF989F49E7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{D04AFA2C-6840-4525-BA20-45DB3F37833E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9A2CC934-EAC4-474E-9CD1-B3E9FAE2103A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{A20C5AA6-FC89-4816-9F2B-9E40C4B9FD72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{8C6F00B3-AEC3-4B2D-837F-7829C5041D33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2.exe
FirewallRules: [{B2CD4414-6BDE-47DC-8747-9851DFCE0613}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2.exe
FirewallRules: [{CE13744C-CEB5-496C-A7F8-FD91B6CE9631}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2_DX9.exe
FirewallRules: [{378E3805-2B18-4214-8B1A-6A4C3A75EDCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2_DX9.exe
FirewallRules: [{803B3738-1CCD-4D4F-BBF6-2797EF8CC3E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{9C21E43D-6592-4A07-A271-67F33AFF107C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{B9EF4594-4F4F-4674-AF36-C45E5BB6C4EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{AF4F690A-B54F-4B4A-9475-39AE434F0E59}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{20DD59B4-3336-4BD7-9788-46C0E21B2102}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{067450CB-BD28-4278-A3E3-47A0D62BF111}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{22BEEECC-1D4C-4EB3-B12F-A0E8C3B01C64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4105D685-C0C3-4204-82AD-D99C147BE0E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0358C674-40B8-400E-BD42-E8F682BB05C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{11C29988-07B3-435B-B11D-7837EB796D15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{8300F7E9-9C0E-4BF8-B87D-06412470DC20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{AD0C72DF-66A0-4C09-A5DC-33C302D037D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{1AFB4225-017A-4709-B9D2-5D7B2349CED1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{54D16092-5D5E-4801-A637-B8048843B694}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{5C2405F6-8BC1-464F-AB85-255A1BEEC91D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{46537295-08AE-4D37-9A76-ACEEAF4EF67A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{81367DB2-07A5-4855-8731-04E3FB8A78CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wild_Animals_Animated_Jigsaws\Wild_Animals_Animated_Jigsaws.exe
FirewallRules: [{6738000D-7BE6-46C3-9251-EB01A913B827}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wild_Animals_Animated_Jigsaws\Wild_Animals_Animated_Jigsaws.exe
FirewallRules: [TCP Query User{950CE9AE-03CC-43CC-9B32-4E83311828B4}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{6EB044C8-092F-44D1-873A-3A23BB4F8223}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{61CFBB39-033E-450C-BA8C-0E0C8ECF371E}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{BD7AFB10-7275-41B6-BF71-780D6204BEEA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{6D4E1213-05AC-4C00-8AFF-136C5973ECB3}F:\yooka-laylee\yookalaylee64.exe] => (Allow) F:\yooka-laylee\yookalaylee64.exe
FirewallRules: [UDP Query User{BC9F4183-8B08-4552-A14F-08845B699D8D}F:\yooka-laylee\yookalaylee64.exe] => (Allow) F:\yooka-laylee\yookalaylee64.exe
FirewallRules: [{28C0849E-F20B-4F1C-AE0E-D26395096890}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EE6729E1-B400-4144-AFEF-C65EC9AAAF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C1511B0F-5B3D-401F-B673-4E37053B8DC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5A6BD130-9B8B-41EC-BA95-E0C4A86599AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA6DDE95-B810-46CA-9656-D31D28B214C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{931736E7-0146-4E34-8DC7-AEFC6D12E2EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{5E4159C0-E961-43D3-AC27-C5CD53B031E2}] => (Allow) C:\Program Files (x86)\PignoratebelFen\PignoratebelFen.exe
FirewallRules: [{570BC207-8259-41EE-94F4-74A081860CD9}] => (Allow) C:\Program Files (x86)\PignoratebelFen\PignoratebelFen_.exe
FirewallRules: [{7840C514-A613-4578-8331-7F7BB79EA424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Mountain Adventure\Teddy Floppy Ear - Mountain Adventure.exe
FirewallRules: [{1626A2FD-3781-442B-AA23-E00C2005F8E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Mountain Adventure\Teddy Floppy Ear - Mountain Adventure.exe
FirewallRules: [{B5D08411-B2E1-4457-AA7B-3481862B1BD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Kayaking\Teddy Floppy Ear - Kayaking.exe
FirewallRules: [{AB15F145-E457-4495-8049-27C132C51719}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Kayaking\Teddy Floppy Ear - Kayaking.exe
FirewallRules: [TCP Query User{59F47727-758F-4660-9D5B-5D7936CEBC59}C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe] => (Allow) C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe
FirewallRules: [UDP Query User{0DA85E95-73FA-46D1-A745-15A08F1C50F0}C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe] => (Allow) C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe
FirewallRules: [{3A51B062-A062-4B7D-A80D-B5B1DBE2D05B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FB1734BB-5F40-498A-8258-D2E8BF82B109}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{583DFB69-8C23-45B1-8C0F-9FFE1B53FAAA}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{78E21377-0F15-4862-BD77-D8BB81FE4396}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{83006CCC-0E27-409C-8A56-A1ED42FEA2FD}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{766F282C-5645-4CED-828C-B5F1860E2C39}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{F0C1CD90-4C59-424B-AE4D-67850EBA1A47}C:\users\eddo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eddo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{00D86792-944F-41F5-916D-E4477F489CB7}C:\users\eddo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eddo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{77686D71-CF84-4FCD-B25D-840C27F31853}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{65B831FC-AB49-46F9-B387-36672F6B5CDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{8F30B456-4768-4F07-B1FE-36B1CFAD09B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Water Worries\ScummVM_Windows\scummvm.exe
FirewallRules: [{D488B8A0-E94D-4B18-8815-B4C16A5A4058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Water Worries\ScummVM_Windows\scummvm.exe
FirewallRules: [{B28ADFD0-6EAF-4C29-8104-866067538340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Maze Madness\ScummVM_Windows\scummvm.exe
FirewallRules: [{5748EA0B-E7AE-46E7-A0E9-5432D8CA1E9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Maze Madness\ScummVM_Windows\scummvm.exe
FirewallRules: [{EE56C6EF-77D8-44B9-833A-F5B69CA527B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 5\ScummVM_Windows\scummvm.exe
FirewallRules: [{1AF80441-3A7F-4E6E-BCA0-3F9FDE2776B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 5\ScummVM_Windows\scummvm.exe
FirewallRules: [{9E7AD6A9-2288-447E-8CAB-EBA6A2A7EF1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 4\ScummVM_Windows\scummvm.exe
FirewallRules: [{8DEC04D7-18FA-47C8-AB09-7B9DBEC786FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 4\ScummVM_Windows\scummvm.exe
FirewallRules: [{7D75E125-6D70-4150-8CEB-00027B5D7218}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{4544553E-E11F-4DD7-99B2-47E16F2508B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{CB8AB971-615F-4F16-B57F-9231EA1EADB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{3E413850-897F-4641-890B-E34967892BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{027C713D-2CAA-426D-8C20-53454481A96C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E7C3BDD5-C0E1-43C6-8192-FF7D7BABE712}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{5F0C0895-F1F6-4694-95FF-5BB63ED1F028}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{EA9A9AD4-3A99-4CE4-ACBB-78A59EFD4931}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{2E54E754-8225-462C-AA91-66648FFAF79F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{6FE2C493-1022-47A2-A1C0-7A87CEEEEA0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{1022C863-5B33-48CD-91D2-D649BC264E60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{E0A85ACF-DD13-4499-A3FC-80C9928442BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{3E8CBC50-F65D-4C3F-910D-74A7D45BFC4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{6E9D770B-B9E5-4E4A-9E6E-79D48D8E1543}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CAYNE\cayne.exe
FirewallRules: [{2DEE1210-BDBE-4911-ADCD-E1DCED85C7EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CAYNE\cayne.exe
FirewallRules: [TCP Query User{5F848F19-49CE-4268-992A-D52632459801}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe
FirewallRules: [UDP Query User{FBCFC609-2EFA-4D50-9B9E-55BB24B8590C}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe
FirewallRules: [{09491FAF-02BD-41C6-920B-5412C5428E18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8DAYS_Demo\8DAYS.exe
FirewallRules: [{56165FD7-E897-4435-A4A1-BE07647F4A0B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8DAYS_Demo\8DAYS.exe
FirewallRules: [TCP Query User{E4E374FC-6AE6-41B4-A70F-654B7BB95484}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9F6DEC7-C131-4104-A52D-2DD060C8C054}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{36C4894E-EC54-49F1-84B8-CDA5B3C72C7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zwuggels - Beach Holidays\zwuggels_beach_holidays.exe
FirewallRules: [{1F981726-43B2-4061-9902-375C629B204D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zwuggels - Beach Holidays\zwuggels_beach_holidays.exe
FirewallRules: [{54897423-FC69-44A3-A998-CCD038823BD0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BFCE82A4-6AC8-425A-958F-57EBE5F998B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC7B4564-79A0-418B-9966-E8E8EE1DE7AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{24ABF677-B4A3-464C-BBF2-2E251245DFF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kitten adventures in city park\cat-game.exe
FirewallRules: [{EAAE9242-35A6-4DFC-A230-2F8B389A149E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kitten adventures in city park\cat-game.exe
FirewallRules: [{ACBDCF31-2149-488E-BE73-BF29D313489D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\It's Spring Again\Spring.exe
FirewallRules: [{A4A7C6B7-9BD3-42A4-B6D5-42A326205E90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\It's Spring Again\Spring.exe

==================== Restore Points =========================

14-11-2017 17:02:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2017 06:26:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2017 06:26:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T01:20:22Z. Error Code: 0x80070005.

Error: (11/14/2017 06:26:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2017 06:26:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2017 06:26:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1252) SRUJet: Database recovery/restore failed with unexpected error -1032.

Error: (11/14/2017 06:26:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2017 06:25:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T01:19:52Z. Error Code: 0x80070005.

Error: (11/14/2017 06:25:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2017 06:25:40 PM) (Source: ESENT) (EventID: 439) (User: )
Description: svchost (1252) SRUJet: Unable to write a shadowed header for file C:\WINDOWS\system32\SRU\SRU.chk. Error -1032.

Error: (11/14/2017 06:25:40 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1252) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/14/2017 06:19:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2017-11-14 16:22:08.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 16:48:48.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:50:47.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:26:33.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:26:26.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:09:40.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:08:11.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:06:38.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 21:49:44.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 21:19:04.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 16323.07 MB
Available physical RAM: 11847.92 MB
Total Virtual: 16723.07 MB
Available Virtual: 11598.45 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:222.54 GB) (Free:76.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:9.57 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:4.08 GB) (Free:0 GB) UDF
Drive f: (Secondary) (Fixed) (Total:920.02 GB) (Free:513.81 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1AE24ED8)

Partition: GPT.

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 87C52754)

Partition: GPT.

==================== End of Addition.txt ============================


#2 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 14 November 2017 - 06:49 PM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the "all clean" post.
  • My first language is not English, so please do not use slang or idioms; they could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using it.
  • Double-click the downloaded file and click OK on the self-extracting prompt.
  • MBAR will start. Click "Next" on the introduction screen to continue.
  • Click "Update" on the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If no malware is found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient, as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of every logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 bantadant

bantadant
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 14 November 2017 - 07:09 PM

SALog.txt:

Result of Security Analysis by Rocket Grannie (x86) Updated: 12th Novemeber, 2017
Running from:C:\Users\Admin\Desktop (18:53:09 - 11/14/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***

Adwcleaner.txt:

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 14 23:57:49 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-14-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Eddo\AppData\Local\Hola
PUP.Optional.Legacy, C:\Users\Eddo\AppData\Roaming\Hola
PUP.Optional.Legacy, C:\Program Files (x86)\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\Ali Lee\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\Eddo\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\Eddo\AppData\LocalLow\avg web tuneup
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_1214tb


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\rsrcs.dll
PUP.Optional.Reimage, C:\Windows\Temp\reimage.log
PUP.Optional.Reimage, C:\Users\Admin\AppData\Local\Temp\reimage.log


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Secure Search
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Hola
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKCU\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | hola
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | hola
PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ProductUpdater
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ProductUpdater
PUP.Optional.PowerHandler, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\Microsoft\Etsy
PUP.Optional.PowerHandler, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Etsy
PUP.Optional.PowerHandler, [Key] - HKCU\Software\Microsoft\Etsy


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Panda Free Antivirus (Disabled - up to Date)
Windows Defender (Enabled - up to Date)
Panda Free Antivirus (Disabled - up to Date)
Windows Defender (Enabled - up to Date)
Panda Firewall466960
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.183)
Adobe Reader XI (11.0.22)
Google Chrome (61.0.3163.100)
Java (8.0.450)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (56.0.2)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported

***----------------Analysis Complete-------------------------***

MBAR Log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.1770.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17115979776, free: 12808540160

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.1770.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17115979776, free: 12791603200

Downloaded database version: v2017.11.14.09
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/14/2017 18:54:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\iakhknru.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\pwdrvio.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\ehkoru.sys
\SystemRoot\system32\drivers\xbehko.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\dtsoftbus01.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\SystemRoot\System32\drivers\UimFIO.SYS
\SystemRoot\system32\DRIVERS\PSINKNC.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTLSC.sys
\SystemRoot\system32\DRIVERS\NNSSTRM.sys
\SystemRoot\system32\DRIVERS\NNSSMTP.sys
\SystemRoot\system32\DRIVERS\NNSPRV.sys
\SystemRoot\system32\DRIVERS\NNSPROT.sys
\SystemRoot\system32\DRIVERS\NNSPOP3.sys
\SystemRoot\system32\DRIVERS\NNSPIHSW.sys
\SystemRoot\system32\DRIVERS\NNSPICC.sys
\SystemRoot\system32\DRIVERS\NNSIDS.sys
\SystemRoot\system32\DRIVERS\NNSHTTPS.sys
\SystemRoot\system32\DRIVERS\NNSHTTP.sys
\SystemRoot\system32\DRIVERS\NNSALPC.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\cthdb.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\CLVirtualBus01.sys
\SystemRoot\System32\drivers\circlass.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\umpass.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73F3804E-7ECD-48A3-A90F-DBEAD494AC96}\MpKslcc42f25b.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\691471F3.sys
----------- End -----------
Done!
IRP handler 15 of \Driver\iaStorA is hooked
Unhooking enabled.

Scan started
Database versions:
  main:    v2017.11.14.09
  rootkit: v2017.10.14.01

<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffa98a0a18a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffa98a07bfd060
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffa98a0a18b060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xffffa98a079ec060
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffa98a0a18a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa98a0a0bbae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa98a0a18a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffa98a07bf8640, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa98a07bf8c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa98a07bfd060, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffdc08b49d4890, 0xffffa98a0a18a060, 0xffffa98a2fcde090
Lower DeviceData: 0xffffdc08b6db07a0, 0xffffa98a07bfd060, 0xffffa98a23166090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffa98a0a18a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffa98a07bfd060
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xffffa98a23166090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffa98a0a18b060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xffffa98a079ec060
Lower Device Driver Name: \Driver\iaStorA\
Device already Exists: 0xffffa98a0f36ecc0
File C:\WINDOWS\SYSTEM32\drivers\iakhknru.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\iakhknru.sys --> [Rootkit.Agent.PUA]
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa98a0a18b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa98a0a0bcae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa98a0a18b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa98a07bf8840, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa98a07bf8040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa98a079ec060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffdc08b3850a30, 0xffffa98a0a18b060, 0xffffa98a2f832330
Lower DeviceData: 0xffffdc08da6a8590, 0xffffa98a079ec060, 0xffffa98a0f36ecc0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1AE24ED8

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 1953525167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2168606700
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 17ad4e20-3d4f-469d-a12-b0be261f3b76
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2168606700
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 17ad4e20-3d4f-469d-a12-b0be261f3b76
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3d77c67c-90c6-46a5-bb81-b822cedce4a8
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a912af34-10b9-42dc-b592-79f1753ffe1a
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 579a4096-9ade-43f1-a830-29de323af14
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 84ce5412-4537-4372-938b-12b17f169a1e
    FirstLBA 3096576  Last LBA 1932511231
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8f4ee6b7-3807-4211-9180-b11686dd707e
    FirstLBA 1932511232  Last LBA 1933432831
    Attributes 1
    Partition Name                                     

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 12ffdacc-1bf6-4795-942c-1be7b87fc6f9
    FirstLBA 1933432832  Last LBA 1953509375
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 87C52754

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2673789114
    GPT Header CurrentLba = 1 BackupLba 468862127
    GPT Header FirstUsableLba 34  LastUsableLba 468862094
    GPT Header Guid f7e0585-5858-9090-8081-828310111213
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2673789114
    Backup GPT header CurrentLba = 468862127 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 468862094
    Backup GPT header Guid f7e0585-5858-9090-8081-828310111213
    Backup GPT header Contains 128 partition entries starting at LBA 468862095
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 9ec27a5c-a070-11e5-82c8-806e6f6e6963
    FirstLBA 2048  Last LBA 1230846
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9ec27a4a-a070-11e5-82c8-806e6f6e6963
    FirstLBA 1230848  Last LBA 467935424
    Attributes 0
    Partition Name                 Basic data partition

    Partition 2 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 35a866cf-6128-4ea2-a6d3-813596cbfdc
    FirstLBA 467937280  Last LBA 468858879
    Attributes 1
    Partition Name                                     

Disk Size: 240057409536 bytes
Sector size: 512 bytes

Done!
=======================================


File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3A2F901D2038677ABBB505A0F85BF2F56E83B099.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3A2F901D2038677ABBB505A0F85BF2F56E83B099.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3A2F901D2038677ABBB505A0F85BF2F56E83B099.bin.83" is compressed (flags = 1)
Scan finished

I'll also show you the log file from Windows Defender that I ran a few days ago:

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/13/2017 12:39:08 AM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0
     Name: Trojan:Win32/Bitrep.A
     ID: 2147723097
     Severity: Severe
     Category: Trojan
     Path: containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e->bgOTjFRzra.class;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e->UvTA.class
     Detection Origin: Local machine
     Detection Type: FastPath
     Detection Source: System
     User: NT AUTHORITY\SYSTEM
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T05:39:08.504082500Z" />
    <EventRecordID>497</EventRecordID>
    <Correlation ActivityID="{6F398EAC-C188-4733-88E7-153078382F02}" />
    <Execution ProcessID="2308" ThreadID="7332" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{957B4034-2A04-49D0-BE35-DAB1833C478F}</Data>
    <Data Name="Detection Time">2017-11-13T05:38:42.813Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147723097</Data>
    <Data Name="Threat Name">Trojan:Win32/Bitrep.A</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">8</Data>
    <Data Name="Category Name">Trojan</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Trojan:Win32/Bitrep.A&amp;threatid=2147723097&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">2</Data>
    <Data Name="Source Name">%%820</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NT AUTHORITY\SYSTEM</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e-&gt;bgOTjFRzra.class;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e-&gt;UvTA.class</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">8</Data>
    <Data Name="Type Name">%%862</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/13/2017 12:39:08 AM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tilken.B!cl&threatid=2147722740&enterprise=0
     Name: Trojan:Win32/Tilken.B!cl
     ID: 2147722740
     Severity: Severe
     Category: Trojan
     Path: containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78->OwUE.class
     Detection Origin: Local machine
     Detection Type: FastPath
     Detection Source: System
     User: NT AUTHORITY\SYSTEM
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T05:39:08.474208900Z" />
    <EventRecordID>496</EventRecordID>
    <Correlation ActivityID="{6F398EAC-C188-4733-88E7-153078382F02}" />
    <Execution ProcessID="2308" ThreadID="7332" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{F9F7205E-B969-4260-9C86-CC42A77E505B}</Data>
    <Data Name="Detection Time">2017-11-13T05:38:42.813Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147722740</Data>
    <Data Name="Threat Name">Trojan:Win32/Tilken.B!cl</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">8</Data>
    <Data Name="Category Name">Trojan</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Trojan:Win32/Tilken.B!cl&amp;threatid=2147722740&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">2</Data>
    <Data Name="Source Name">%%820</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NT AUTHORITY\SYSTEM</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78;file:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78-&gt;OwUE.class</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">8</Data>
    <Data Name="Type Name">%%862</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/12/2017 11:42:07 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
     Name: HackTool:Win32/Keygen
     ID: 2147593794
     Severity: Medium
     Category: Tool
     Path: containerfile:_F:\Eddo's Stuff\MediaMonkey.rar;file:_F:\Eddo's Stuff\MediaMonkey.rar->CORE.rar->CORE\keygen.exe
     Detection Origin: Local machine
     Detection Type: Concrete
     Detection Source: User
     User: NewBox\Admin
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T04:42:07.328940400Z" />
    <EventRecordID>492</EventRecordID>
    <Correlation ActivityID="{1F623DAF-8C59-4041-8C9D-DE69818FE943}" />
    <Execution ProcessID="2308" ThreadID="6096" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{2D590669-67E6-432F-8714-86D9B8F84FBE}</Data>
    <Data Name="Detection Time">2017-11-13T04:42:01.142Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147593794</Data>
    <Data Name="Threat Name">HackTool:Win32/Keygen</Data>
    <Data Name="Severity ID">2</Data>
    <Data Name="Severity Name">Medium</Data>
    <Data Name="Category ID">34</Data>
    <Data Name="Category Name">Tool</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=HackTool:Win32/Keygen&amp;threatid=2147593794&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_F:\Eddo's Stuff\MediaMonkey.rar;file:_F:\Eddo's Stuff\MediaMonkey.rar-&gt;CORE.rar-&gt;CORE\keygen.exe</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">0</Data>
    <Data Name="Type Name">%%822</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/12/2017 11:42:07 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
     Name: Trojan:Win32/Fuerboos.C!cl
     ID: 2147723654
     Severity: Severe
     Category: Trojan
     Path: file:_C:\Users\Admin\AppData\Local\Temp\weatherinspect.exe
     Detection Origin: Local machine
     Detection Type: FastPath
     Detection Source: User
     User: NewBox\Admin
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T04:42:07.327533400Z" />
    <EventRecordID>491</EventRecordID>
    <Correlation ActivityID="{1F623DAF-8C59-4041-8C9D-DE69818FE943}" />
    <Execution ProcessID="2308" ThreadID="6096" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{0E630DF9-A43A-4412-A7A5-A87AFB2DC045}</Data>
    <Data Name="Detection Time">2017-11-13T04:42:07.299Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147723654</Data>
    <Data Name="Threat Name">Trojan:Win32/Fuerboos.C!cl</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">8</Data>
    <Data Name="Category Name">Trojan</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Trojan:Win32/Fuerboos.C!cl&amp;threatid=2147723654&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">file:_C:\Users\Admin\AppData\Local\Temp\weatherinspect.exe</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">8</Data>
    <Data Name="Type Name">%%862</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/12/2017 11:42:07 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Wonknod.A&threatid=2147688719&enterprise=0
     Name: TrojanProxy:Win32/Wonknod.A
     ID: 2147688719
     Severity: Severe
     Category: Trojan Proxy Server
     Path: containerfile:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe;file:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe;file:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe->[lowcase_mzpe]
     Detection Origin: Local machine
     Detection Type: FastPath
     Detection Source: User
     User: NewBox\Admin
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T04:42:07.326625100Z" />
    <EventRecordID>490</EventRecordID>
    <Correlation ActivityID="{1F623DAF-8C59-4041-8C9D-DE69818FE943}" />
    <Execution ProcessID="2308" ThreadID="6096" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{2C116CC2-FEC2-4320-B3DB-365966CAA99E}</Data>
    <Data Name="Detection Time">2017-11-13T04:42:01.142Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147688719</Data>
    <Data Name="Threat Name">TrojanProxy:Win32/Wonknod.A</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">40</Data>
    <Data Name="Category Name">Trojan Proxy Server</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=TrojanProxy:Win32/Wonknod.A&amp;threatid=2147688719&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe;file:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe;file:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe-&gt;[lowcase_mzpe]</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">8</Data>
    <Data Name="Type Name">%%862</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/12/2017 11:42:07 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
     Name: Trojan:Win32/Tiggre!plock
     ID: 2147723626
     Severity: Severe
     Category: Trojan
     Path: file:_C:\Users\Admin\AppData\Local\Temp\TIB28DC.tmp
     Detection Origin: Local machine
     Detection Type: FastPath
     Detection Source: User
     User: NewBox\Admin
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T04:42:07.325462300Z" />
    <EventRecordID>489</EventRecordID>
    <Correlation ActivityID="{1F623DAF-8C59-4041-8C9D-DE69818FE943}" />
    <Execution ProcessID="2308" ThreadID="6096" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{F5DF3ECD-CEA4-4B92-B220-31002C8082ED}</Data>
    <Data Name="Detection Time">2017-11-13T04:42:01.142Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147723626</Data>
    <Data Name="Threat Name">Trojan:Win32/Tiggre!plock</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">8</Data>
    <Data Name="Category Name">Trojan</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Trojan:Win32/Tiggre!plock&amp;threatid=2147723626&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">file:_C:\Users\Admin\AppData\Local\Temp\TIB28DC.tmp</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">8</Data>
    <Data Name="Type Name">%%862</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          11/12/2017 11:42:07 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NewBox
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Obfuscator.W&threatid=2147688468&enterprise=0
     Name: Exploit:Java/Obfuscator.W
     ID: 2147688468
     Severity: Severe
     Category: Exploit
     Path: containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\391e7c0f-407da3c2;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\67f1f90f-4525acbf;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\55e014d0-2cfe34ba;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6c8c281-5ce3873b;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\255b10d6-25470ccd;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\483e865a-7dd1fb02;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ea5ebe4-259ea621;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\3b69b16e-3539b63e;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\D
     Detection Origin: Local machine
     Detection Type: Heuristics
     Detection Source: User
     User: NewBox\Admin
     Process Name: Unknown
     Signature Version: AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0
     Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-13T04:42:07.323775400Z" />
    <EventRecordID>488</EventRecordID>
    <Correlation ActivityID="{1F623DAF-8C59-4041-8C9D-DE69818FE943}" />
    <Execution ProcessID="2308" ThreadID="6096" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>NewBox</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.10.14393.1613</Data>
    <Data Name="Detection ID">{B4273DC4-10E1-49C5-8649-548A520DA74D}</Data>
    <Data Name="Detection Time">2017-11-13T04:42:01.157Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147688468</Data>
    <Data Name="Threat Name">Exploit:Java/Obfuscator.W</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">30</Data>
    <Data Name="Category Name">Exploit</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Exploit:Java/Obfuscator.W&amp;threatid=2147688468&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\391e7c0f-407da3c2;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\67f1f90f-4525acbf;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\55e014d0-2cfe34ba;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6c8c281-5ce3873b;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\255b10d6-25470ccd;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\483e865a-7dd1fb02;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\59745e3-6ecf4d78;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ea5ebe4-259ea621;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7b9b6ba6-5d28446e;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\3b69b16e-3539b63e;containerfile:_C:\Users\Eddo\AppData\LocalLow\Sun\Java\D</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">1</Data>
    <Data Name="Type Name">%%821</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.257.401.0, AS: 1.257.401.0, NIS: 118.1.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.14306.0, NIS: 2.1.14202.0</Data>
  </EventData>
</Event>
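The Event Viewer records pasted above are standard Windows Event XML, so they can be parsed rather than read by eye. The Python below is an added example (it is not part of the original post and not code from any of the tools mentioned in this thread): it pulls every Event block out of a pasted dump like the one above, flattens the EventData fields, splits Defender's "kind:_path->[stream]" path list into its parts, and counts the directories flagged per detection, which is the list an analyst would cross-check against Run keys and scheduled tasks. The sample dump is constructed for this example, with its values copied from the Wonknod.A and Tiggre!plock events quoted above; the "%%887"-style tokens are message-table placeholders that Event Viewer resolves to text, and the parser keeps them raw instead of guessing what they stand for.

```python
import ntpath
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVENT_RE = re.compile(r"<Event xmlns=.*?</Event>", re.S)

# Constructed sample: an Event Viewer dump trimmed to the <Data> fields used below;
# the values are copied from the Wonknod.A and Tiggre!plock events in the thread.
SAMPLE_DUMP = r"""Log Name:      Microsoft-Windows-Windows Defender/Operational
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1116</EventID>
    <TimeCreated SystemTime="2017-11-13T04:42:07.326625100Z" />
    <EventRecordID>490</EventRecordID>
    <Computer>NewBox</Computer>
  </System>
  <EventData>
    <Data Name="Detection ID">{2C116CC2-FEC2-4320-B3DB-365966CAA99E}</Data>
    <Data Name="Threat ID">2147688719</Data>
    <Data Name="Threat Name">TrojanProxy:Win32/Wonknod.A</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category Name">Trojan Proxy Server</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Path">containerfile:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe;file:_C:\Users\Admin\AppData\Local\gxvr\apexpsvc.exe-&gt;[lowcase_mzpe]</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
  </EventData>
</Event>

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1116</EventID>
    <TimeCreated SystemTime="2017-11-13T04:42:07.325462300Z" />
    <EventRecordID>489</EventRecordID>
    <Computer>NewBox</Computer>
  </System>
  <EventData>
    <Data Name="Detection ID">{F5DF3ECD-CEA4-4B92-B220-31002C8082ED}</Data>
    <Data Name="Threat ID">2147723626</Data>
    <Data Name="Threat Name">Trojan:Win32/Tiggre!plock</Data>
    <Data Name="Detection User">NewBox\Admin</Data>
    <Data Name="Path">file:_C:\Users\Admin\AppData\Local\Temp\TIB28DC.tmp</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
  </EventData>
</Event>
"""

def parse_path_field(path_field):
    """Split Defender's 'kind:_path[->[stream]]' list into one dict per entry."""
    entries = []
    for item in filter(None, path_field.split(";")):
        kind, _, rest = item.partition(":_")          # e.g. 'containerfile', 'file'
        location, _, stream = rest.partition("->")     # optional '->[lowcase_mzpe]' suffix
        entries.append({"kind": kind, "path": location, "stream": stream.strip("[]") or None})
    return entries

def parse_detection_event(xml_text):
    """Flatten one 1116/1117 Event XML record into a dict a SIEM or script can use."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.find("e:EventData", NS).findall("e:Data", NS)}
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "detection_id": data.get("Detection ID"),
        "threat": data.get("Threat Name"),
        "threat_id": int(data.get("Threat ID", "0")),
        "severity": data.get("Severity Name"),
        "category": data.get("Category Name"),
        "user": data.get("Detection User"),
        # %%NNN tokens are message-table placeholders resolved by Event Viewer; keep them raw.
        "action_id": int(data.get("Action ID", "0")),
        "action_token": data.get("Action Name"),
        "paths": parse_path_field(data.get("Path", "")),
    }

def parse_event_dump(text):
    """Extract every <Event> block from a pasted dump and parse each one."""
    return [parse_detection_event(m.group(0)) for m in EVENT_RE.finditer(text)]

def flagged_directories(events):
    """Count, once per detection, the directories Defender flagged: the list of
    places to inspect and to cross-check against Run keys and scheduled tasks."""
    dirs = Counter()
    for ev in events:
        for d in {ntpath.dirname(p["path"]) for p in ev["paths"]}:
            dirs[d] += 1
    return dirs

if __name__ == "__main__":
    events = parse_event_dump(SAMPLE_DUMP)
    print([(ev["threat"], ev["action_id"]) for ev in events], flagged_directories(events))
```

Feed it the text of a full dump (the whole "Event Xml:" sections copied from Event Viewer, or the output of wevtutil qe with /f:xml) and the same functions work unchanged; ntpath is used for the directory split so the script also runs on a non-Windows analysis box.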



#4 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 14 November 2017 - 07:16 PM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: How is the computer running now?



***


:step4: Please download Zemana AntiMalware and save it to your Desktop.
- Start it...
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on the icon and double-click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report to your next message.


:step5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 bantadant

bantadant
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 14 November 2017 - 07:57 PM

MBAR log:

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.11.14.09
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.1770.14393.0
Admin :: NEWBOX [administrator]

11/14/2017 6:54:39 PM
mbar-log-2017-11-14 (18-54-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 425556
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\iakhknru.sys (Rootkit.Agent.PUA) -> Delete on reboot. [dd4f64f47c8a8246865ca3cd8e339296]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

AdwCleaner Log:

 

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 15 00:38:20 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-14-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Eddo\AppData\Local\Hola
PUP.Optional.Legacy, C:\Users\Eddo\AppData\Roaming\Hola
PUP.Optional.Legacy, C:\Program Files (x86)\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\Ali Lee\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\Eddo\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\Eddo\AppData\LocalLow\avg web tuneup
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_1214tb


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\rsrcs.dll
PUP.Optional.Reimage, C:\Windows\Temp\reimage.log


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Secure Search
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKCU\Software\CoinisRevShare
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ProductUpdater
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ProductUpdater
PUP.Optional.PowerHandler, [Key] - HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\Microsoft\Etsy
PUP.Optional.PowerHandler, [Key] - HKCU\Software\Microsoft\Etsy


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4698 B] - [2017/11/14 23:57:49]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


3. I am now able to open Panda Antivirus and System Restore. The suspicious entries in the startup tab of msconfig are still present; however, they are disabled and "open file location" is greyed out, so it seems like they have been removed.


Zemana log:

 

Zemana AntiMalware 2.74.2.150 (Portable)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/11/14
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4770 CPU @ 3.40GHz
BIOS Mode              : UEFI
CUID                   : 121F19E69DE64AC362289C
Scan Type              : System Scan
Duration               : 3m 6s
Scanned Objects        : 261114
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status             : Scanned
Object             : Search Module - http://www-searching.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Firefox Search
Status             : Scanned
Object             : Search Module - http://api.searchpredict.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : D17235A21E02A3A8AE98A05FC1378323
Publisher          : -
Size               : 841
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Too many empty lines in Hosts file
                File - %systemroot%\system32\drivers\etc\hosts


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Admin (administrator) on NEWBOX (14-11-2017 19:47:23)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Eddo & Admin & Ali Lee & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Copyright 2017.) C:\Users\Admin\Desktop\Zemana.AntiMalware.Portable.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [deciphered] => "C:\Program Files (x86)\Lik\bedding.exe"
HKLM\...\Run: [deciphereddeciphered] => "C:\Program Files (x86)\Biome\bedding.exe"
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-08] (DivX, LLC)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-08-11] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-08-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sublimate] => "C:\Program Files (x86)\Lik\bedding.exe"
HKLM-x32\...\Run: [sublimatesublimate] => "C:\Program Files (x86)\Biome\bedding.exe"
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2397448 2014-08-11] (CyberLink Corp.)
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [edifying] => "C:\Program Files (x86)\Lik\bedding.exe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Run: [spawning] => "C:\Program Files (x86)\tale\spawning.exe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Policies\Explorer: [NoViewContextMenu] 0
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{03a1cdfd-ec20-4cfb-8524-88bdf8f9b549}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{a8afc462-1796-4c3c-920e-c893bd6cc6d1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a9cca449-382a-4abf-bd01-9cb0a2e5fff0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c2309898-9089-4e28-bca1-a40e9ba078f9}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3272754585-3740627633-2259465754-1002 -> {51695FD1-0173-4DBC-803E-AEE2C595DBF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-07] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-11-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-08-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\52ilfs6f.default [2017-11-14]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\52ilfs6f.default ->
FF Homepage: Mozilla\Firefox\Profiles\52ilfs6f.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\52ilfs6f.default -> type", 0
FF NewTabOverride: Mozilla\Firefox\Profiles\52ilfs6f.default -> Enabled: newtaboverride@agenedia.com
FF Extension: (New Tab Override) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\52ilfs6f.default\Extensions\newtaboverride@agenedia.com.xpi [2017-11-14]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\52ilfs6f.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-10-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-08-08] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-12]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-12]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-12]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2013-08-19] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Creative Technology Ltd.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] () [File not signed]
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [33792 2017-02-13] (Creative Technology Ltd)
S3 CXCVBS; C:\WINDOWS\system32\drivers\cxCVBS.sys [252544 2015-11-26] (Conexant Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-08-23] (Disc Soft Ltd)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-11-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-10-29] ()
S1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-10-29] ()
S1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700680 2014-10-29] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-13] (Zemana Ltd.)
S3 MFE_RR; \??\C:\Users\Admin\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S3 MSPCLOCK; \SystemRoot\system32\DRIVERS\MSPCLOCK.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
S3 udiskMgr; system32\drivers\ybehlo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-14 19:47 - 2017-11-14 19:47 - 000030180 _____ C:\Users\Admin\Desktop\FRST.txt
2017-11-14 19:40 - 2017-11-14 19:40 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-11-14 19:31 - 2017-11-14 19:31 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-11-14 19:26 - 2017-11-14 19:40 - 015808656 _____ (Copyright 2017.) C:\Users\Admin\Desktop\Zemana.AntiMalware.Portable.exe
2017-11-14 19:26 - 2017-11-14 19:26 - 002392576 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2017-11-14 19:23 - 2017-11-14 19:23 - 000311176 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox Installer.exe
2017-11-14 18:54 - 2017-11-14 19:25 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\691471F3.sys
2017-11-14 18:53 - 2017-11-14 18:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.10.3.1001(1).exe
2017-11-14 18:51 - 2017-11-14 18:53 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-14 18:25 - 2017-11-14 18:25 - 002392576 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-11-14 18:23 - 2017-11-14 18:27 - 000000000 ____D C:\Users\Admin\SecurityScans
2017-11-14 18:21 - 2017-11-14 18:21 - 001818624 _____ C:\Users\Admin\Downloads\MBSASetup-x64-EN.msi
2017-11-14 18:07 - 2017-11-14 18:07 - 001048576 _____ C:\deftlbase.sdb
2017-11-14 18:07 - 2017-11-14 18:07 - 000016384 _____ C:\deftlbase.jfm
2017-11-14 17:59 - 2017-11-14 17:59 - 000000475 _____ C:\reset.cmd
2017-11-14 17:58 - 2017-11-14 17:58 - 000379392 _____ C:\Users\Admin\Downloads\subinacl.msi
2017-11-14 17:53 - 2017-11-14 17:53 - 000002952 _____ C:\WINDOWS\system32\exportedreg.reg
2017-11-14 17:51 - 2017-11-14 17:52 - 000156663 _____ C:\Users\Admin\Downloads\Regdelnull.zip
2017-11-14 14:29 - 2017-11-14 14:29 - 000000000 ____D C:\EFI
2017-11-13 22:50 - 2017-11-13 22:50 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw514669efde8bcf1a.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6ddf18a70edd122f.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3de362ad6bb95713.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdbfa87a2b3d71120.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw1413cd5effda0c50.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9b30b7b378bb06e7.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswa8e6b5ebf6de968f.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9f1669824a0dd934.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1776d3ed1688aa36.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe7cd4eb913b36fd5.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5dba4157fb8464e2.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-13 22:50 - 2017-11-13 22:50 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9aff3e91973400b5.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw151e6fc1dafce570.tmp
2017-11-13 22:50 - 2017-11-13 22:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2017-11-13 22:49 - 2017-11-13 22:50 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-13 22:49 - 2017-11-13 22:49 - 007176464 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
2017-11-13 22:49 - 2017-11-13 22:49 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-13 21:33 - 2017-11-13 21:34 - 000000000 _____ C:\Recovery.txt
2017-11-13 19:09 - 2017-11-13 19:09 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-11-13 19:07 - 2017-11-14 16:22 - 000000000 ____D C:\Program Files (x86)\Avira
2017-11-13 18:59 - 2017-11-13 18:59 - 000000000 ___HD C:\$Windows.~WS
2017-11-13 18:58 - 2017-11-13 22:53 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-13 18:58 - 2017-11-13 18:58 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\Documents\hp.applications.package.appdata
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2017-11-13 18:54 - 2017-11-13 18:54 - 000002952 _____ C:\WINDOWS\system32\mmc.reg
2017-11-13 18:52 - 2017-11-13 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-11-13 18:52 - 2017-11-13 18:52 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-11-13 18:50 - 2017-11-13 18:50 - 000000388 _____ C:\Users\Admin\Downloads\List.txt
2017-11-13 18:50 - 2017-11-13 18:50 - 000000379 _____ C:\Users\Admin\Downloads\gpedit-enabler.bat
2017-11-13 18:49 - 2017-11-13 18:49 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-13 18:48 - 2017-11-14 19:42 - 123469824 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-13 18:44 - 2017-11-13 18:48 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-11-13 18:44 - 2017-11-13 18:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-11-13 18:40 - 2017-11-13 18:43 - 000000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-11-13 18:40 - 2017-11-13 18:40 - 000000000 ____D C:\Windows10Upgrade
2017-11-13 18:30 - 2017-11-13 18:30 - 000000000 ____D C:\Users\Eddo\AppData\Local\rarctbd
2017-11-13 17:38 - 2017-11-13 17:38 - 005908597 _____ C:\Users\Admin\Downloads\PCHunter_free.zip
2017-11-13 17:37 - 2017-11-13 17:37 - 001020640 _____ C:\Users\Admin\Downloads\antirootkit.exe
2017-11-13 17:37 - 2017-11-13 17:37 - 000784152 _____ (McAfee, Inc.) C:\Users\Admin\Downloads\rootkitremover.exe
2017-11-13 17:37 - 2017-11-13 17:37 - 000000000 ____D C:\Users\Admin\Pavark
2017-11-13 17:30 - 2017-11-13 17:30 - 010211512 _____ (Simply Super Software ) C:\Users\Admin\Downloads\trjsetup695.exe
2017-11-13 17:30 - 2017-11-13 17:30 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-11-13 17:27 - 2017-11-13 17:27 - 000313366 _____ C:\Users\Admin\Downloads\WindowsUpdate.diagcab
2017-11-13 16:48 - 2017-11-14 19:47 - 000065890 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-13 16:48 - 2017-11-14 19:47 - 000026261 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-13 16:47 - 2017-11-13 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-13 16:47 - 2017-11-13 16:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-11-13 16:46 - 2017-11-14 19:47 - 000000000 ____D C:\FRST
2017-11-13 16:44 - 2017-11-13 16:44 - 000005690 _____ C:\WINDOWS\system32\.crusader
2017-11-13 16:41 - 2017-11-13 16:41 - 000000000 ____D C:\Windows.old
2017-11-13 16:40 - 2017-11-13 16:45 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-11-13 16:39 - 2017-11-13 16:44 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-13 16:38 - 2017-11-13 16:39 - 011584088 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2017-11-13 16:35 - 2017-11-13 16:35 - 000388608 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HijackThis.exe
2017-11-13 16:32 - 2017-11-13 16:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\55546216.sys
2017-11-13 16:30 - 2017-11-13 16:30 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5F743713.sys
2017-11-13 16:28 - 2017-11-13 16:31 - 000000335 _____ C:\local.conf
2017-11-13 16:27 - 2017-11-14 19:42 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-13 16:27 - 2017-11-14 19:25 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-13 16:27 - 2017-11-13 16:27 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\45271761.sys
2017-11-13 16:26 - 2017-11-13 16:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.10.3.1001.exe
2017-11-13 15:15 - 2017-11-13 19:10 - 000000000 ____D C:\ESD
2017-11-13 05:04 - 2017-11-14 19:22 - 000000168 _____ C:\WINDOWS\wininit.ini
2017-11-13 05:04 - 2017-11-13 05:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-12 21:56 - 2017-11-13 17:20 - 000000000 ____D C:\WINDOWS\pss
2017-11-12 21:56 - 2017-11-13 17:19 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-12 21:50 - 2017-11-13 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2017-11-12 21:34 - 2017-11-12 21:35 - 110507280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\msert.exe
2017-11-12 21:32 - 2017-11-12 21:32 - 007787776 _____ C:\Users\Admin\Downloads\spybotsd_includes.exe
2017-11-12 21:30 - 2017-11-13 05:04 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-12 21:11 - 2017-11-12 21:11 - 000000000 ____D C:\WINDOWS\XSxS
2017-11-12 20:47 - 2017-11-12 20:47 - 000000000 ____D C:\SUPERDelete
2017-11-12 20:31 - 2017-11-12 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\spcmonz
2017-11-12 20:30 - 2017-11-12 20:30 - 000000000 ____D C:\Users\Admin\AppData\Local\UNP
2017-11-12 20:27 - 2017-11-14 18:23 - 000003292 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{714003FF-337E-401A-9E17-6A2001B78F13}
2017-11-12 20:24 - 2017-11-12 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 20:22 - 2017-11-12 20:22 - 000003236 _____ C:\WINDOWS\System32\Tasks\{9EC98E1E-D577-4063-A101-7F2CD421FDBF}
2017-11-12 20:20 - 2017-11-12 20:20 - 000000004 _____ C:\ProgramData\rwi.aead
2017-11-12 20:15 - 2017-11-14 16:19 - 002883072 _____ C:\WINDOWS\system32\sndmtbisvc.exe
2017-11-12 20:15 - 2017-11-13 22:47 - 000000000 ____D C:\ProgramData\daeaService
2017-11-12 20:15 - 2017-11-13 22:45 - 000000000 ____D C:\WINDOWS\newbox
2017-11-12 20:15 - 2017-11-13 16:44 - 000000000 ____D C:\Users\Eddo\AppData\Local\atdbixh
2017-11-12 20:15 - 2017-11-13 05:01 - 000000000 ____D C:\Users\Admin\AppData\Local\gxvr
2017-11-12 20:15 - 2017-11-12 20:15 - 000000020 _____ C:\WINDOWS\b30569534
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\WINDOWS\SysWOW64\updzbmr
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\WINDOWS\system32\updzbmr
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\Users\Admin\AppData\Roaming\et
2017-11-12 20:15 - 2017-11-12 20:15 - 000000000 ____D C:\Program Files (x86)\illustration
2017-11-12 09:26 - 2017-11-12 09:26 - 000000000 ____D C:\Users\Eddo\AppData\LocalLow\BabaYaga
2017-11-12 08:13 - 2017-11-12 08:13 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\RenPy
2017-11-09 20:19 - 2017-11-09 20:19 - 000051645 _____ C:\WINDOWS\uninstaller.dat
2017-11-09 20:19 - 2017-11-09 20:19 - 000014040 _____ C:\WINDOWS\system32\Drivers\47aea898991419bbf3677c6a085c459b.sys
2017-11-04 15:40 - 2017-11-04 15:40 - 000000000 ____D C:\Users\Public\Documents\uPlay
2017-10-24 18:16 - 2017-10-24 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-24 16:51 - 2017-10-24 16:51 - 000000789 _____ C:\Users\Public\Desktop\A Hat in Time.lnk
2017-10-21 17:48 - 2017-10-21 17:48 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\Camera Bits, Inc
2017-10-20 18:27 - 2017-10-20 18:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\LucasArts
2017-10-20 18:27 - 2017-10-20 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-18 12:10 - 2017-10-18 12:10 - 000002195 _____ C:\Users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-10-17 16:58 - 2017-10-17 16:58 - 000000000 ____D C:\Users\Eddo\Documents\Garmin
2017-10-17 16:57 - 2017-10-17 17:21 - 000000000 ____D C:\ProgramData\Garmin
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Eddo\AppData\Local\Garmin_Ltd._or_its_subsid
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Garmin
2017-10-17 16:57 - 2017-10-17 16:57 - 000000000 ____D C:\Users\Admin\AppData\Local\Garmin_Ltd._or_its_subsid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-14 19:45 - 2017-05-26 15:58 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-14 19:45 - 2016-08-11 02:47 - 000000000 ____D C:\Users\Admin
2017-11-14 19:44 - 2016-04-02 13:15 - 000000000 ____D C:\Users\Admin\AppData\Local\ClassicShell
2017-11-14 19:43 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 19:42 - 2017-04-14 18:55 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-11-14 19:42 - 2016-11-15 19:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-14 19:42 - 2016-08-11 02:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 19:42 - 2016-07-16 01:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 19:42 - 2014-08-18 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-14 19:30 - 2016-08-11 02:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 19:27 - 2016-08-11 02:47 - 004604184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 19:22 - 2014-08-24 18:37 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2017-11-14 19:22 - 2014-08-18 15:44 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-14 19:21 - 2016-08-11 02:47 - 000000000 ____D C:\Users\Ali Lee
2017-11-14 19:20 - 2016-08-11 02:46 - 000431792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 18:53 - 2016-08-11 06:45 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-14 18:53 - 2016-08-11 02:54 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-11-14 18:53 - 2016-08-11 02:54 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-11-14 18:27 - 2016-08-11 02:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-14 17:04 - 2014-08-23 11:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-11-14 16:22 - 2013-08-24 16:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-14 16:16 - 2016-07-16 01:04 - 023855104 _____ C:\WINDOWS\system32\config\HARDWARE
2017-11-14 15:28 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Registration
2017-11-14 14:30 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 14:29 - 2016-07-16 06:47 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-13 22:53 - 2017-04-14 18:54 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-13 22:53 - 2014-07-15 10:39 - 000397324 _____ C:\WINDOWS\Minidump\111317-7656-01.dmp
2017-11-13 19:24 - 2014-12-20 13:49 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2017-11-13 18:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-13 18:52 - 2016-08-11 06:42 - 000000000 ____D C:\inetpub
2017-11-13 18:52 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-11-13 18:52 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-13 18:49 - 2016-02-03 17:51 - 000000000 ____D C:\Users\Eddo\AppData\Local\ClassicShell
2017-11-13 18:45 - 2017-04-15 03:44 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F0CE2ED7-6686-4167-BCF5-1757C04DDD0F}
2017-11-13 18:45 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\security
2017-11-13 18:45 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-13 18:45 - 2016-07-16 06:44 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2017-11-13 18:45 - 2016-07-16 06:44 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2017-11-13 18:45 - 2016-07-16 06:43 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000147439 _____ C:\WINDOWS\system32\gpedit.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000120458 _____ C:\WINDOWS\system32\secpol.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2017-11-13 18:45 - 2016-07-16 06:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2017-11-13 18:45 - 2016-07-16 06:43 - 000043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2017-11-13 18:45 - 2016-07-16 06:43 - 000043566 _____ C:\WINDOWS\system32\rsop.msc
2017-11-13 18:44 - 2014-08-18 15:46 - 000000000 ____D C:\Users\Eddo\AppData\Local\Adobe
2017-11-13 18:16 - 2017-04-27 17:10 - 000003678 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001UA
2017-11-13 18:16 - 2017-04-27 17:10 - 000003410 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001Core
2017-11-13 17:31 - 2014-03-26 14:27 - 000000000 ____D C:\ProgramData\Temp
2017-11-13 17:28 - 2015-06-01 17:52 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2017-11-13 16:32 - 2014-07-15 10:39 - 000403500 _____ C:\WINDOWS\Minidump\111317-7015-01.dmp
2017-11-13 16:30 - 2014-08-18 15:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 16:27 - 2014-07-15 10:39 - 000396204 _____ C:\WINDOWS\Minidump\111317-6828-01.dmp
2017-11-13 16:11 - 2016-07-16 01:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-12 22:10 - 2017-07-29 11:51 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-11-12 21:56 - 2016-09-02 21:52 - 000000000 ____D C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
2017-11-12 21:51 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-12 21:51 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-12 21:23 - 2014-07-15 10:39 - 000398900 _____ C:\WINDOWS\Minidump\111217-7515-01.dmp
2017-11-12 21:13 - 2017-09-06 17:38 - 000000000 ____D C:\Program Files\KMSpico
2017-11-12 20:59 - 2014-03-26 14:23 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-11-12 20:58 - 2016-08-11 18:16 - 000544424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-12 20:43 - 2017-10-11 09:37 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-12 20:43 - 2014-08-18 16:49 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-12 20:37 - 2014-08-18 15:47 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-12 20:30 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-12 20:30 - 2014-08-18 15:45 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 20:30 - 2014-08-18 15:44 - 000001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-12 20:29 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\Comms
2017-11-12 20:29 - 2014-08-18 15:45 - 000002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-12 20:27 - 2015-12-27 22:58 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft Toolkit
2017-11-12 20:24 - 2014-08-18 15:52 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-12 20:21 - 2014-12-25 15:31 - 000000000 ____D C:\Program Files (x86)\Logitech
2017-11-12 20:21 - 2014-12-25 15:25 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-11-12 20:20 - 2017-07-29 11:51 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3272754585-3740627633-2259465754-1002
2017-11-12 20:20 - 2017-07-29 11:51 - 000000000 ____D C:\Users\Admin\AppData\Local\NVIDIA Corporation
2017-11-12 20:20 - 2015-09-19 19:28 - 000002407 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-12 20:20 - 2015-09-19 19:28 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-11-12 20:19 - 2016-08-11 02:47 - 000000000 ____D C:\Users\Eddo
2017-11-12 20:19 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-12 20:19 - 2014-08-18 14:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-12 19:13 - 2014-09-08 19:33 - 000001700 _____ C:\Users\Eddo\Info.txt
2017-11-12 06:59 - 2017-06-30 13:34 - 000000000 ____D C:\Users\Eddo\AppData\Local\CrashDumps
2017-11-08 17:47 - 2014-08-18 15:24 - 000000000 ____D C:\Users\Eddo\AppData\Local\Packages
2017-11-07 21:33 - 2017-04-06 20:19 - 000000638 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job
2017-11-07 21:33 - 2017-04-06 20:19 - 000000542 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job
2017-11-07 06:06 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-07 06:05 - 2017-09-06 17:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-04 21:26 - 2017-07-08 20:05 - 000000000 ____D C:\Users\Eddo\AppData\Local\GoToMeeting
2017-11-04 21:23 - 2017-04-21 22:57 - 000003788 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-04 21:23 - 2017-04-21 22:57 - 000003692 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-04 19:47 - 2016-07-16 06:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 19:47 - 2016-07-16 06:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 15:39 - 2014-12-31 21:43 - 000000000 ____D C:\Users\Eddo\Documents\My Games
2017-11-03 09:38 - 2017-09-29 09:50 - 000000000 ____D C:\Program Files\rempl
2017-11-02 22:56 - 2017-08-06 10:51 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3272754585-3740627633-2259465754-1001
2017-11-02 22:56 - 2016-08-11 02:56 - 000002404 _____ C:\Users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 22:56 - 2015-07-30 04:56 - 000000000 ___RD C:\Users\Eddo\OneDrive
2017-10-26 01:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 01:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 08:29 - 2014-08-23 09:59 - 000000000 ____D C:\Users\Eddo\AppData\Roaming\Skype
2017-10-24 18:16 - 2016-02-20 09:17 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-10-24 18:16 - 2014-08-18 15:48 - 000000000 ____D C:\ProgramData\Skype
2017-10-24 16:54 - 2017-04-15 14:13 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-10-21 20:25 - 2017-02-12 13:45 - 000000000 ____D C:\Users\Eddo\Documents\Square Enix
2017-10-21 17:59 - 2014-03-26 14:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-18 18:16 - 2014-08-18 15:50 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-10-17 16:57 - 2016-02-08 16:17 - 000000000 ____D C:\Program Files\DIFX

==================== Files in the root of some directories =======

2015-09-19 18:12 - 2015-09-19 18:12 - 000000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2017-02-23 19:30 - 2017-02-23 19:30 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-11-12 20:20 - 2017-11-12 20:20 - 000000004 _____ () C:\ProgramData\rwi.aead

Files to move or delete:
====================
C:\Users\Eddo\caffeine.exe


Some files in TEMP:
====================
2017-08-21 20:54 - 2017-08-21 20:54 - 052961424 _____ (WeMod) C:\Users\Eddo\AppData\Local\Temp\Infinity-Setup.exe
2017-10-24 18:15 - 2017-10-24 18:15 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Eddo\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-05 08:17

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Admin (14-11-2017 19:48:00)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1607 14393.1770 (X64) (2016-08-11 07:55:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3272754585-3740627633-2259465754-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3272754585-3740627633-2259465754-500 - Administrator - Disabled)
Ali Lee (S-1-5-21-3272754585-3740627633-2259465754-1003 - Limited - Enabled) => C:\Users\Ali Lee
DefaultAccount (S-1-5-21-3272754585-3740627633-2259465754-503 - Limited - Disabled)
Eddo (S-1-5-21-3272754585-3740627633-2259465754-1001 - Limited - Enabled) => C:\Users\Eddo
Guest (S-1-5-21-3272754585-3740627633-2259465754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3272754585-3740627633-2259465754-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Hat in Time (HKLM-x32\...\A Hat in Time_is1) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.12 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.63 - NVIDIA Corporation) Hidden
AOMEI Partition Assistant Pro Edition 5.8 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Of Monkey Island (HKLM-x32\...\bgbennyboyCMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1827.0 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4502.0 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.83 - DivX, LLC)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EaseUS Data Recovery Wizard 9.0 (HKLM\...\EaseUS Data Recovery Wizard 9.0_is1) (Version:  - EaseUS)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
EzGrabber version 3.0.1 (HKLM-x32\...\{59D21F0E-EA54-4438-A5B7-7EAD262FD873}_is1) (Version: 3.0.1 - Geniatech)
FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\{E2FA067B-11BC-318B-B325-31127E6243F5}) (Version: 61.0.3163.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
H&R Block Connecticut 2014 (HKLM-x32\...\{D429DFEE-49DF-4DFD-BE88-7B9D7A147632}) (Version: 1.14.3201 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block New York 2014 (HKLM-x32\...\{28BD4A92-3071-4FF3-8014-05CE6738780D}) (Version: 1.14.9101 - HRB Technology, LLC.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
IPCWebComponents 3.0.0.2 (HKLM-x32\...\{A8F5C6B2-203C-4600-89DC-131A4E238A0D}_is1) (Version: 3.0.0.2 - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.9.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kodi (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Legacy of Kain (HKLM-x32\...\KainUninstallKey) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Monkey Island 2 - Special Edition (HKLM-x32\...\1425039730_is1) (Version: 2.0.0.10 - GOG.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Mp3tag v2.80 (HKLM-x32\...\Mp3tag) (Version: v2.80 - Florian Heidenreich)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Devices Agent (HKLM-x32\...\{DDE3DECA-9139-4A39-9276-143ECA1DB75E}) (Version: 1.06.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.07 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{293AA48A-DFC2-4F7D-9ED7-1A0F25CB5368}) (Version: 8.04.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Pandora (HKLM-x32\...\{CF73D1C4-4D78-890A-BF35-E275B96E678E}) (Version: 2.0.10 - Pandora Media, Inc) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
Plex Media Server (HKLM-x32\...\{8DAEC081-781E-42B6-AF13-366D8CEF94A5}) (Version: 0.9.914 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Realterm 2.0.0.70_SignedWrapper (HKLM-x32\...\Realterm) (Version: 2.0.0.70_SignedWrapper - Broadcast Equipment)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
ScummVM (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3815 - SoftMaker Software GmbH)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
techTab_Assistant_v2.5.55.08-beta (HKLM-x32\...\{87B656A6-BB38-49DD-9188-00CB69CE5D82}_is1) (Version:  - Kids Station company)
TigerGame XBOX+PS2+GC Game Controller Adapter (HKLM-x32\...\TigerGame XBOX+PS2+GC Game Controller Adapter) (Version:  - TigerGame.,Ltd)
TigerGame XBOX+PS2+GC Game Controller Adapter 2.0.1.0 (HKLM-x32\...\TigerGame XBOX+PS2+GC Game Controller Adapter_is1) (Version:  - )
Tony Hawk's Pro Skater 2 (HKLM-x32\...\Activision_THPS2UninstallKey) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
USB GamePad (HKLM-x32\...\{B8CDAD75-96FB-48A5-A2AE-6515DDEB7BFA}) (Version: 3.85 - My Company Name)
USB2.0 Audio Capture (HKLM\...\VID_1F4D&PID_0102&MI_00) (Version: 1.0.0.0 - Conexant Systems)
USB2.0 Video Capture (HKLM\...\VID_1F4D&PID_0102&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3272754585-3740627633-2259465754-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt9] -> {4E20B104-5D9F-4E01-A01E-100F08E345C9} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt9.dll [2014-08-11] (Cyberlink)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt9] -> {4E20B104-5D9F-4E01-A01E-100F08E345C9} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt9.dll [2014-08-11] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2015-10-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D03E21-A7DE-4A20-A9B8-2AF8FD90CAEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {064CE729-319E-40D0-952C-4306D5554533} - \AutoKMS -> No File <==== ATTENTION
Task: {06864373-B6BF-400C-9375-A59369DBF66B} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1003 -> No File <==== ATTENTION
Task: {07C63F30-CC61-4DA8-89B4-A32314D4DC2B} - System32\Tasks\AdobeAAMUpdater-1.0-NewBox-Eddo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0BC6617A-159D-437A-963E-E6D561D5C996} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0E2B8FFB-7E77-49F1-B60F-1A648A255777} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0F28E823-FE89-465F-BB48-C1A380603654} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-11-03] ()
Task: {10D61DAE-0CF7-4C20-97C4-7DB8207F8BD0} - System32\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001 => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupload.exe [2017-11-04] (LogMeIn, Inc.)
Task: {136113AC-4BA9-47D6-929D-B5BAF03B17E0} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {18F12C5E-E31C-4EB8-867B-054FA16A8366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-12] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D51DE77-DBDA-4768-82FA-892C02CA8F25} - System32\Tasks\{9EC98E1E-D577-4063-A101-7F2CD421FDBF} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\d1adb9266e39469034e2f89762f1b8f3.exe
Task: {3E204E7D-2182-4C66-A53F-5C5869DDF455} - System32\Tasks\Optimize Desktop Icon Cache => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\agent.ini" <==== ATTENTION
Task: {4C1C88A2-DDA6-443D-B9ED-1855F5F1AC5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-16] (Hewlett-Packard)
Task: {51E595E5-E67A-4229-9067-4923488A4019} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-18] (NVIDIA Corporation)
Task: {592F7247-C910-40F8-8682-A55BDD0DED3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {5F796300-5F4C-46EE-9F49-65A0E627725C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {660EC41E-3854-4516-AE33-DF9D0A646C0E} - System32\Tasks\Flexera® Software Manager => C:\Program Files (x86)\Common Files\InstallShield\Update\Agent.exe [2017-04-08] (Flexera Software LLC)
Task: {7C1EE98A-824C-4E88-A1CB-9A1D9AE3A36C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {7F30C706-C153-464F-BC3A-552B920C3964} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1001 -> No File <==== ATTENTION
Task: {7FA477BA-A7E9-491A-939E-62E43D2679E5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {81497F1E-196D-435F-9D5C-4B9C75627BCA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {877D634A-1E27-483C-9296-CF4E7A7581DC} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {87C3D208-D26C-4C85-B113-BD0256204B87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {92AB854F-31A0-4985-8B1E-615BF28D6C35} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {94510185-753C-4645-BA79-4286DD81D90A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9716069D-70E7-4E73-BCCC-59BE2C54B132} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9D1DDACC-0270-45CC-A930-7214A72AE3ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9EE53C14-9B4A-4075-B784-0A598F7B7284} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A926C06F-073B-40E5-9A48-051918FA19B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AAE18D11-5CB3-46DA-82B9-F8EB31B04B07} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {B3574F1A-D1B6-414F-A8E9-AC48A324F57D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {BB521FCE-9382-4145-BA3C-DDF43FB4F99E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001 => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupdate.exe [2017-11-04] (LogMeIn, Inc.)
Task: {BFCA3808-85D2-450C-A23B-52F9386A721F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C039DBB7-AB4A-4AB3-A28E-3C9F1CEB6ECD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {C2042E4A-3697-4D83-A22C-72A8309E581E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {D0D65A77-E9FF-4AB2-8FB0-1EFE509B7E02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001UA => C:\Users\Eddo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D94F0EB5-2E3F-4294-8E4B-F432D668CE2F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-500 -> No File <==== ATTENTION
Task: {DDF8CA6E-3D79-4551-8D2C-4E114D9A936A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-18] (NVIDIA Corporation)
Task: {DE4BB2C2-C96E-4EAF-859B-3193F3DF11D5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-18] (NVIDIA Corporation)
Task: {DEC5719F-B261-487F-AE42-88C81592C9FC} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1002 -> No File <==== ATTENTION
Task: {E221193D-DB99-42F7-879D-E11DAC1E8346} - \DivXUpdate -> No File <==== ATTENTION
Task: {E3A65D34-D604-4AD4-A110-B0D56CBD34AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E44025DF-C969-4AE9-B2EE-E95912932F38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {E841D9AD-62AA-4E20-83AE-F6B803B55484} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272754585-3740627633-2259465754-1001Core => C:\Users\Eddo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {ED49DDF9-FF55-4EFB-B909-17F6A371A474} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE5E41DB-91D9-436A-9A07-A548EC040C98} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {F2BE4F06-759C-43C6-B89F-5BD10AF785C8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F3B2CA4C-78B2-40AB-B487-6A2F6A991A70} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-11-03] ()
Task: {F455D802-12AB-49D7-A462-BC26F6A7D545} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {F47C6EA2-66EE-498F-86AA-396C72322CCA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {F6483FEC-E6AE-4830-B236-629613071195} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F87EA494-2CC2-42DE-BD43-E103EA7D6F76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {F978E5B7-EE1F-4365-BA3E-8C1F0FD3DB34} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-18] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3272754585-3740627633-2259465754-1001.job => C:\Users\Eddo\AppData\Local\GoToMeeting\7881\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 20:36 - 2017-09-07 01:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-08-18 15:47 - 2013-10-23 13:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-26 15:58 - 2016-12-29 07:44 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-26 14:30 - 2013-08-19 19:07 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-05-28 20:45 - 2017-05-18 02:35 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-26 01:52 - 2017-09-26 01:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-09-06 17:12 - 2017-11-07 06:05 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-15 16:46 - 2016-09-06 23:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 12:45 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 12:46 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 12:46 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 12:46 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 09:35 - 2017-09-17 21:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-11 09:35 - 2017-09-17 21:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 09:35 - 2017-09-17 21:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 000612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2017-05-28 20:45 - 2017-05-18 02:35 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-10-18 10:18 - 2013-05-19 22:01 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 10:02 - 2013-05-20 10:02 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll
2014-03-26 14:25 - 2013-08-12 04:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-11-13 17:23 - 000000841 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "deciphereddeciphered"
HKLM\...\StartupApproved\Run: => "deciphered"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "sublimatesublimate"
HKLM\...\StartupApproved\Run32: => "sublimate"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\StartupFolder: => "mcreynolds.lnk"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Power2GoExpress9"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "edifying"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "Tweakerbit Antimalware"
HKU\S-1-5-21-3272754585-3740627633-2259465754-1002\...\StartupApproved\Run: => "spawning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDF89190-CA68-41A1-8318-8F943FEC0E04}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A7C780A4-3670-47B2-A19E-EE089E1C7504}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{8D0C5515-C04E-4BE8-B0A1-E9D400C87ABF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{A3D67AB2-BA67-4A56-8495-266285BB99A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{81C3FBBD-0B6D-4F89-B08C-27235DAE9038}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{BCCA3EA7-F0B4-43F5-B80D-C4F49B08FBA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Volgarr\Volgarr.exe
FirewallRules: [{1324F2A2-7331-4191-B818-A7CFB404F45F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Volgarr\Volgarr.exe
FirewallRules: [{380E1544-7737-4E8C-93D2-2E6D05D00214}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA2733CE-7AA7-4ADD-862C-C05EB02197E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4BB72FDF-AAC8-42E8-8BFC-49DF97019DED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD7A8C5-7821-4DA4-B931-B73562DF3FE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2753BF5C-DD40-4638-B7E4-2C3B394DBC20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{0B26B9EA-D068-482B-B3F9-95A58F72CD87}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{F2A77743-0BC1-4F21-B4D8-E0B5E6D86926}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD3057E7-795B-4D29-96C4-8EF81CC9C04F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9E56579E-33E5-46CC-B37C-763CA8C98220}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AE585F7-1783-4E67-8F2C-1935920FE5B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F5BDCDD8-9F7B-4F49-B1B4-63D7F3215C01}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{F619D47C-4AFE-4EAD-999E-75B541E8D27A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{D958C619-BB01-488A-8817-E0757EB82879}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C641A514-C086-4CF1-9475-E5615FD9E023}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{759AA4CB-51EE-402C-BD2A-07346EC4D7E1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{01A89B95-2BAC-4F90-A58B-CBD97F983B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F58C62EE-B2B8-4375-8172-AB40F707D819}] => (Allow) LPort=5556
FirewallRules: [{8B22C45C-9F09-42E3-832E-298D05368DEF}] => (Allow) LPort=5558
FirewallRules: [{9EC92BD9-F4DA-4F18-9C97-020AE8C7CE0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14C5E660-F729-45F4-A6AB-AF5FAF0185D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CD696F9-181A-4421-A25A-6C24F2C279BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DRAGON A Game About a Dragon\AGameAboutADragon.exe
FirewallRules: [{FA7407B0-F3B9-4118-8BE3-5F6D65962A9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DRAGON A Game About a Dragon\AGameAboutADragon.exe
FirewallRules: [{0958A7BC-0087-428A-9460-0F75E6E29446}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [{722F0492-2382-4339-8FBA-8310550AD664}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [TCP Query User{CCCA4FC1-54E5-4872-8474-03FDB05556B7}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [UDP Query User{BFAA2595-F440-4773-9D3A-0D79527BD7F4}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{554623E3-87F1-4E22-81A7-AAF5436E6187}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [UDP Query User{8A8C92D4-741E-4D20-B126-A1A1CF770F13}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [TCP Query User{B43F88AB-23BC-4165-9DA8-15C8024ED388}C:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Block) C:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [UDP Query User{4B8724CB-9112-4DC0-A82A-77915A62579D}C:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Block) C:\program files (x86)\plex\plex media server\plexdlnaserver.exe
FirewallRules: [TCP Query User{CBB76B22-7F97-43E2-B9A5-B0AF989F49E7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{D04AFA2C-6840-4525-BA20-45DB3F37833E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9A2CC934-EAC4-474E-9CD1-B3E9FAE2103A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{A20C5AA6-FC89-4816-9F2B-9E40C4B9FD72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{8C6F00B3-AEC3-4B2D-837F-7829C5041D33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2.exe
FirewallRules: [{B2CD4414-6BDE-47DC-8747-9851DFCE0613}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2.exe
FirewallRules: [{CE13744C-CEB5-496C-A7F8-FD91B6CE9631}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2_DX9.exe
FirewallRules: [{378E3805-2B18-4214-8B1A-6A4C3A75EDCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CostumeQuest2\CostumeQuest2_DX9.exe
FirewallRules: [{803B3738-1CCD-4D4F-BBF6-2797EF8CC3E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{9C21E43D-6592-4A07-A271-67F33AFF107C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{B9EF4594-4F4F-4674-AF36-C45E5BB6C4EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{AF4F690A-B54F-4B4A-9475-39AE434F0E59}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{20DD59B4-3336-4BD7-9788-46C0E21B2102}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{067450CB-BD28-4278-A3E3-47A0D62BF111}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{22BEEECC-1D4C-4EB3-B12F-A0E8C3B01C64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4105D685-C0C3-4204-82AD-D99C147BE0E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0358C674-40B8-400E-BD42-E8F682BB05C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{11C29988-07B3-435B-B11D-7837EB796D15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{8300F7E9-9C0E-4BF8-B87D-06412470DC20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{AD0C72DF-66A0-4C09-A5DC-33C302D037D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{1AFB4225-017A-4709-B9D2-5D7B2349CED1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{54D16092-5D5E-4801-A637-B8048843B694}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{5C2405F6-8BC1-464F-AB85-255A1BEEC91D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{46537295-08AE-4D37-9A76-ACEEAF4EF67A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{81367DB2-07A5-4855-8731-04E3FB8A78CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wild_Animals_Animated_Jigsaws\Wild_Animals_Animated_Jigsaws.exe
FirewallRules: [{6738000D-7BE6-46C3-9251-EB01A913B827}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wild_Animals_Animated_Jigsaws\Wild_Animals_Animated_Jigsaws.exe
FirewallRules: [TCP Query User{950CE9AE-03CC-43CC-9B32-4E83311828B4}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{6EB044C8-092F-44D1-873A-3A23BB4F8223}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{61CFBB39-033E-450C-BA8C-0E0C8ECF371E}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{BD7AFB10-7275-41B6-BF71-780D6204BEEA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{6D4E1213-05AC-4C00-8AFF-136C5973ECB3}F:\yooka-laylee\yookalaylee64.exe] => (Allow) F:\yooka-laylee\yookalaylee64.exe
FirewallRules: [UDP Query User{BC9F4183-8B08-4552-A14F-08845B699D8D}F:\yooka-laylee\yookalaylee64.exe] => (Allow) F:\yooka-laylee\yookalaylee64.exe
FirewallRules: [{28C0849E-F20B-4F1C-AE0E-D26395096890}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EE6729E1-B400-4144-AFEF-C65EC9AAAF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C1511B0F-5B3D-401F-B673-4E37053B8DC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5A6BD130-9B8B-41EC-BA95-E0C4A86599AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA6DDE95-B810-46CA-9656-D31D28B214C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{931736E7-0146-4E34-8DC7-AEFC6D12E2EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{5E4159C0-E961-43D3-AC27-C5CD53B031E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶停杩潮慲整敢䙬湥停杩潮慲整敢䙬湥攮數
FirewallRules: [{570BC207-8259-41EE-94F4-74A081860CD9}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶停杩潮慲整敢䙬湥停杩潮慲整敢䙬湥⹟硥e
FirewallRules: [{7840C514-A613-4578-8331-7F7BB79EA424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Mountain Adventure\Teddy Floppy Ear - Mountain Adventure.exe
FirewallRules: [{1626A2FD-3781-442B-AA23-E00C2005F8E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Mountain Adventure\Teddy Floppy Ear - Mountain Adventure.exe
FirewallRules: [{B5D08411-B2E1-4457-AA7B-3481862B1BD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Kayaking\Teddy Floppy Ear - Kayaking.exe
FirewallRules: [{AB15F145-E457-4495-8049-27C132C51719}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Teddy Floppy Ear - Kayaking\Teddy Floppy Ear - Kayaking.exe
FirewallRules: [TCP Query User{59F47727-758F-4660-9D5B-5D7936CEBC59}C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe] => (Allow) C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe
FirewallRules: [UDP Query User{0DA85E95-73FA-46D1-A745-15A08F1C50F0}C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe] => (Allow) C:\users\eddo\desktop\audio-cast-win32-ia32\audio-cast.exe
FirewallRules: [{3A51B062-A062-4B7D-A80D-B5B1DBE2D05B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FB1734BB-5F40-498A-8258-D2E8BF82B109}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{583DFB69-8C23-45B1-8C0F-9FFE1B53FAAA}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{78E21377-0F15-4862-BD77-D8BB81FE4396}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{83006CCC-0E27-409C-8A56-A1ED42FEA2FD}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{766F282C-5645-4CED-828C-B5F1860E2C39}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{F0C1CD90-4C59-424B-AE4D-67850EBA1A47}C:\users\eddo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eddo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{00D86792-944F-41F5-916D-E4477F489CB7}C:\users\eddo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eddo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{77686D71-CF84-4FCD-B25D-840C27F31853}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{65B831FC-AB49-46F9-B387-36672F6B5CDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{8F30B456-4768-4F07-B1FE-36B1CFAD09B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Water Worries\ScummVM_Windows\scummvm.exe
FirewallRules: [{D488B8A0-E94D-4B18-8815-B4C16A5A4058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Water Worries\ScummVM_Windows\scummvm.exe
FirewallRules: [{B28ADFD0-6EAF-4C29-8104-866067538340}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Maze Madness\ScummVM_Windows\scummvm.exe
FirewallRules: [{5748EA0B-E7AE-46E7-A0E9-5432D8CA1E9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish and Luthers Maze Madness\ScummVM_Windows\scummvm.exe
FirewallRules: [{EE56C6EF-77D8-44B9-833A-F5B69CA527B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 5\ScummVM_Windows\scummvm.exe
FirewallRules: [{1AF80441-3A7F-4E6E-BCA0-3F9FDE2776B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 5\ScummVM_Windows\scummvm.exe
FirewallRules: [{9E7AD6A9-2288-447E-8CAB-EBA6A2A7EF1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 4\ScummVM_Windows\scummvm.exe
FirewallRules: [{8DEC04D7-18FA-47C8-AB09-7B9DBEC786FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 4\ScummVM_Windows\scummvm.exe
FirewallRules: [{7D75E125-6D70-4150-8CEB-00027B5D7218}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{4544553E-E11F-4DD7-99B2-47E16F2508B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 3\ScummVM_Windows\scummvm.exe
FirewallRules: [{CB8AB971-615F-4F16-B57F-9231EA1EADB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{3E413850-897F-4641-890B-E34967892BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Freddi Fish 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{027C713D-2CAA-426D-8C20-53454481A96C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E7C3BDD5-C0E1-43C6-8192-FF7D7BABE712}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{5F0C0895-F1F6-4694-95FF-5BB63ED1F028}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{EA9A9AD4-3A99-4CE4-ACBB-78A59EFD4931}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{2E54E754-8225-462C-AA91-66648FFAF79F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{6FE2C493-1022-47A2-A1C0-7A87CEEEEA0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{1022C863-5B33-48CD-91D2-D649BC264E60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{E0A85ACF-DD13-4499-A3FC-80C9928442BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{3E8CBC50-F65D-4C3F-910D-74A7D45BFC4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{6E9D770B-B9E5-4E4A-9E6E-79D48D8E1543}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CAYNE\cayne.exe
FirewallRules: [{2DEE1210-BDBE-4911-ADCD-E1DCED85C7EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CAYNE\cayne.exe
FirewallRules: [TCP Query User{5F848F19-49CE-4268-992A-D52632459801}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe
FirewallRules: [UDP Query User{FBCFC609-2EFA-4D50-9B9E-55BB24B8590C}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe
FirewallRules: [{09491FAF-02BD-41C6-920B-5412C5428E18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8DAYS_Demo\8DAYS.exe
FirewallRules: [{56165FD7-E897-4435-A4A1-BE07647F4A0B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8DAYS_Demo\8DAYS.exe
FirewallRules: [TCP Query User{E4E374FC-6AE6-41B4-A70F-654B7BB95484}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9F6DEC7-C131-4104-A52D-2DD060C8C054}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{36C4894E-EC54-49F1-84B8-CDA5B3C72C7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zwuggels - Beach Holidays\zwuggels_beach_holidays.exe
FirewallRules: [{1F981726-43B2-4061-9902-375C629B204D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zwuggels - Beach Holidays\zwuggels_beach_holidays.exe
FirewallRules: [{54897423-FC69-44A3-A998-CCD038823BD0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BFCE82A4-6AC8-425A-958F-57EBE5F998B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC7B4564-79A0-418B-9966-E8E8EE1DE7AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{24ABF677-B4A3-464C-BBF2-2E251245DFF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kitten adventures in city park\cat-game.exe
FirewallRules: [{EAAE9242-35A6-4DFC-A230-2F8B389A149E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kitten adventures in city park\cat-game.exe
FirewallRules: [{ACBDCF31-2149-488E-BE73-BF29D313489D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\It's Spring Again\Spring.exe
FirewallRules: [{A4A7C6B7-9BD3-42A4-B6D5-42A326205E90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\It's Spring Again\Spring.exe

==================== Restore Points =========================

14-11-2017 17:02:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2017 07:48:04 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:43:04Z. Error Code: 0x80070005.

Error: (11/14/2017 07:47:34 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:42:34Z. Error Code: 0x80070005.

Error: (11/14/2017 07:47:04 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:43:04Z. Error Code: 0x80070005.

Error: (11/14/2017 07:46:34 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:42:34Z. Error Code: 0x80070005.

Error: (11/14/2017 07:46:04 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:43:04Z. Error Code: 0x80070005.

Error: (11/14/2017 07:45:34 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:42:33Z. Error Code: 0x80070005.

Error: (11/14/2017 07:45:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:43:03Z. Error Code: 0x80070005.

Error: (11/14/2017 07:44:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:42:33Z. Error Code: 0x80070005.

Error: (11/14/2017 07:44:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-15T02:43:03Z. Error Code: 0x80070005.

Error: (11/14/2017 07:43:46 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1708) SRUJet: Database recovery/restore failed with unexpected error -1032.


System errors:
=============
Error: (11/14/2017 07:45:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (11/14/2017 07:44:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (11/14/2017 07:42:54 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:54 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:54 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:54 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:54 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:53 PM) (Source: DCOM) (EventID: 10016) (User: NewBox)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user NewBox\Admin SID (S-1-5-21-3272754585-3740627633-2259465754-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2017 07:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TeamViewer service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-11-14 16:22:08.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 16:48:48.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:50:47.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:26:33.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-13 15:26:26.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:09:40.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:08:11.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 22:06:38.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 21:49:44.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-12 21:19:04.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16323.07 MB
Available physical RAM: 13287.22 MB
Total Virtual: 16723.07 MB
Available Virtual: 13436.39 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:222.54 GB) (Free:77.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:9.57 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:4.08 GB) (Free:0 GB) UDF
Drive f: (Secondary) (Fixed) (Total:920.02 GB) (Free:513.81 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1AE24ED8)

Partition: GPT.

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 87C52754)

Partition: GPT.

==================== End of Addition.txt ============================



#6 bantadant

bantadant
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 14 November 2017 - 08:30 PM

I was able to remove the unwanted items from the Startup tab in msconfig by removing the registry entries with regedit. I also ran a followup scan with both Panda Antivirus and Malwarebytes, and no results were found, so I'm considering this a success. Thank you for your help with this. I really appreciate it.



#7 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:22 PM

Posted 15 November 2017 - 02:26 AM

So malware stopped blocking antivirus programs now?

---


Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start::
CreateRestorePoint:
CloseProcesses:
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
S3 MFE_RR; \??\C:\Users\Admin\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S3 MSPCLOCK; \SystemRoot\system32\DRIVERS\MSPCLOCK.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
S3 udiskMgr; system32\drivers\ybehlo.sys [X]
2017-11-13 18:58 - 2016-08-11 02:50 - 000000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
C:\Users\Eddo\caffeine.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
Task: {01D03E21-A7DE-4A20-A9B8-2AF8FD90CAEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {064CE729-319E-40D0-952C-4306D5554533} - \AutoKMS -> No File <==== ATTENTION
Task: {06864373-B6BF-400C-9375-A59369DBF66B} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1003 -> No File <==== ATTENTION
Task: {0BC6617A-159D-437A-963E-E6D561D5C996} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {136113AC-4BA9-47D6-929D-B5BAF03B17E0} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {3E204E7D-2182-4C66-A53F-5C5869DDF455} - System32\Tasks\Optimize Desktop Icon Cache => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\agent.ini" <==== ATTENTION
Task: {7F30C706-C153-464F-BC3A-552B920C3964} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1001 -> No File <==== ATTENTION
Task: {7FA477BA-A7E9-491A-939E-62E43D2679E5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {877D634A-1E27-483C-9296-CF4E7A7581DC} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {92AB854F-31A0-4985-8B1E-615BF28D6C35} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {94510185-753C-4645-BA79-4286DD81D90A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9716069D-70E7-4E73-BCCC-59BE2C54B132} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9D1DDACC-0270-45CC-A930-7214A72AE3ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9EE53C14-9B4A-4075-B784-0A598F7B7284} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A926C06F-073B-40E5-9A48-051918FA19B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DAACBF0E-C97C-4213-A287-7757FD6FA500} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-500 -> No File <==== ATTENTION
Task: {DEC5719F-B261-487F-AE42-88C81592C9FC} - \Optimize Start Menu Cache Files-S-1-5-21-3272754585-3740627633-2259465754-1002 -> No File <==== ATTENTION
Task: {E221193D-DB99-42F7-879D-E11DAC1E8346} - \DivXUpdate -> No File <==== ATTENTION
Task: {ED49DDF9-FF55-4EFB-B909-17F6A371A474} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F2BE4F06-759C-43C6-B89F-5BD10AF785C8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F6483FEC-E6AE-4830-B236-629613071195} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
VirusTotal: C:\Program Files (x86)\Lik\bedding.exe
VirusTotal: C:\Program Files (x86)\Biome\bedding.exe
FirewallRules: [{5E4159C0-E961-43D3-AC27-C5CD53B031E2}] => (Allow) C:\Program Files (x86)\PignoratebelFen\PignoratebelFen.exe
FirewallRules: [{570BC207-8259-41EE-94F4-74A081860CD9}] => (Allow) C:\Program Files (x86)\PignoratebelFen\PignoratebelFen_.exe

End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

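A read-only PowerShell audit added here as an illustration (it is not part of the thread and not FRST's own code) that reproduces the two persistence checks the fixlist above is built around: services and drivers whose image is missing from disk or sits under a Temp folder, and scheduled tasks that launch a script host with a forced engine or a non-script payload. It assumes an elevated PowerShell 5.1 session on Windows 8.1/10 and uses only built-in cmdlets.

```powershell
# Added example, not from the thread or FRST. Assumes elevated PowerShell 5.1+ on Windows 8.1/10.
# Read-only: it reports, it removes nothing.

function Resolve-ImagePath {
    # Normalise the three path forms FRST shows for drivers and services:
    # "\??\C:\...", "\SystemRoot\system32\..." and a bare "system32\drivers\x.sys".
    param([string]$PathName)
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-MissingImageServices {
    # FRST marks a service/driver whose binary is gone with "[X]": still registered with the
    # SCM, but not on disk. Drivers under a Temp folder (like mfe_rr.sys above) are flagged too.
    $items = @(Get-CimInstance Win32_SystemDriver) + @(Get-CimInstance Win32_Service)
    foreach ($i in $items) {
        # Image path may be quoted and may carry arguments; keep only the .exe/.sys part.
        if (-not ($i.PathName -match '^"?(.+?\.(?:exe|sys))')) { continue }
        $image   = Resolve-ImagePath $Matches[1]
        $missing = -not (Test-Path -LiteralPath $image)
        $inTemp  = $image -match '\\Temp\\'
        if ($missing -or $inTemp) {
            [pscustomobject]@{ Name = $i.Name; StartMode = $i.StartMode; Image = $image; Missing = $missing; InTemp = $inTemp }
        }
    }
}

function Get-SuspiciousScriptHostTasks {
    # Mirrors the task FRST flagged above: wscript.exe forced onto an engine (//E:jscript),
    # running hidden (//B), with a non-script file (agent.ini) as the payload.
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if (-not $a.Execute) { continue }   # COM-handler actions have no Execute property
            $hostExe = [IO.Path]::GetFileName($a.Execute).ToLower()
            if ($hostExe -notin 'wscript.exe', 'cscript.exe') { continue }
            $argStr = [string]$a.Arguments
            # Payload is the quoted argument, or the first argument that is not a //switch.
            $target = if ($argStr -match '"([^"]+)"') { $Matches[1] } else { @($argStr -split '\s+' | Where-Object { $_ -and $_ -notmatch '^//' })[0] }
            if (-not $target) { continue }
            $ext = [IO.Path]::GetExtension($target).ToLower()
            if ($argStr -match '//E:' -or $ext -notin '.js', '.jse', '.vbs', '.vbe', '.wsf') {
                [pscustomobject]@{ Task = $t.TaskPath + $t.TaskName; Host = $hostExe; Target = $target; Arguments = $argStr }
            }
        }
    }
}

Get-MissingImageServices      | Format-Table -AutoSize
Get-SuspiciousScriptHostTasks | Format-Table -AutoSize
```

Orphaned task registrations that FRST reports as "-> No File" are not listed by Get-ScheduledTask, so this script covers the live-action case only.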

#8 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany

Posted 18 November 2017 - 02:39 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Cheers,
Jo


#9 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • Gender:Male
  • Location:Germany

Posted 21 November 2017 - 11:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo