Opened MSIL.Agent.BNY exe file, scans can't find it


  • This topic is locked
10 replies to this topic

#1 ek0552


Posted 17 November 2017 - 10:54 PM

I was foolishly tricked into opening an exe file and I'm trying to confirm I wasn't actually infected. When I double-clicked, I saw a Windows popup as if an application crashed, but it disappeared before I could catch any of the details. I immediately ran a Windows Defender quick scan, but nothing showed (no other live protection installed). I uploaded the file to VirusTotal and half the engines showed it as a virus, so I immediately downloaded Avast free while running back-to-back scans with (already downloaded but ~7-day stale virus signatures) Spybot and SUPERAntiSpyware--again, no infections shown.

I installed Avast Free, unplugged internet, and proceeded to run full scans (Avast recognized the exe file and I deleted it successfully through the results page). I then ran a boot scan via Avast (replugged into internet first to download the additional signature files that it suggested), which (coincidentally and unrelated?) picked up a Java:Bitcoin-A [Trj] infection (successfully moved this to Virus Chest) and it also flagged blk00129.dat as infected with anticad-4096 (my research on this suggested that it was a false positive on the Bitcoin Core data files, so I ignored this). No other items found. I then ran Windows Defender Offline scan, which came up clean. I've uploaded my HijackThis logs to auto analyzer sites, and they also come up clean.

**In my C:\windows\temp folder, I am noticing something peculiar--perhaps it's normal? I selected everything and deleted what wasn't "in use", and only a few avast folders and a VulkanRT folder remained, and a .tmp (0kb) file that is constantly changing, too fast for me to select and delete it. The file name begins SEP***.tmp and the other 3 or 4 characters are changing in what seems to be a random pattern. No other symptoms so far... but would very much appreciate a look over of my logs!

I ran a FRST scan in safe mode, with options checked as instructed on the guide. FRST.txt and Addition.txt will be in reply (post too long). I am also planning to run the Malwarebytes rootkit tool next and will report back if anything shows up. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
Ran by Eric (administrator) on ERIC-HTPC (17-11-2017 18:15:51)
Running from D:\My Files\Downloads
Loaded Profiles: Eric (Available Profiles: Eric)
Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [aRunMaincpl] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\MainCpl.exe [56320 2013-03-18] ()
HKLM\...\Run: [aOSD] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\osd.exe [117072 2015-06-15] (Chicony)
HKLM\...\Run: [aHScrollutility] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\HScrollFun.exe [73344 2016-03-11] (Lenovo)
HKLM\...\Run: [aSetSpeed] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\SetSpeed.exe [63824 2013-04-08] (Lenovo)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [aHScrollutility] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\HScrollFun.exe [73344 2016-03-11] (Lenovo)
HKLM-x32\...\Run: [aOSD] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\osd.exe [117072 2015-06-15] (Chicony)
HKLM-x32\...\Run: [aSetSpeed] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\SetSpeed.exe [63824 2013-04-08] (Lenovo)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [Google Update] => C:\Users\Eric\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [Media Monkey Remote Server] => C:\Program Files (x86)\MediaMonkey Remote Server\MediaMonkey Remote Server.exe [351232 2016-01-20] ()
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [Spotify Web Helper] => C:\Users\Eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-13] (Spotify Ltd)
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk [2010-10-22]
ShortcutTarget: Process Explorer.lnk -> C:\System Tools\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
 
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.lnk [2012-11-14]
ShortcutTarget: ToggleHiddenFiles.lnk -> C:\System Tools\System Files\ToggleHiddenFiles.exe ()
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{712de4c9-b41c-4476-a6cc-a53aaf3185ab}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{c9ee0c7a-0585-4990-b466-e46775935469}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{def0258f-a34e-436f-a697-9cc909bab57e}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{f6029bb1-65c2-41cc-8794-5e49e8b885cf}: [DhcpNameServer] 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-16] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-16] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-16] (Oracle Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll [2010-03-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-16] (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll [2010-03-24] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8bfi9nt0.default [2017-11-16]
FF NewTab: Mozilla\Firefox\Profiles\8bfi9nt0.default -> hxxp://search.swagbucks.com/?f=51
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8bfi9nt0.default -> Bing
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\8bfi9nt0.default -> hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q=
FF Homepage: Mozilla\Firefox\Profiles\8bfi9nt0.default -> hxxp://search.swagbucks.com/?f=51
FF Keyword.URL: Mozilla\Firefox\Profiles\8bfi9nt0.default -> hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q=
FF Extension: (Avast Online Security) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8bfi9nt0.default\Extensions\wrc@avast.com.xpi [2017-11-16]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF Extension: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011-04-24] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-05-15] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-16] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2962414311-339052606-3791041055-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2962414311-339052606-3791041055-1000: @talk.google.com/O1DPlugin -> C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2962414311-339052606-3791041055-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2962414311-339052606-3791041055-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Eric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Eric\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.hbogo.com/#home/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default [2017-11-17]
CHR Extension: (Entanglement Web App) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-09-05]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Honey) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-11-15]
CHR Extension: (Adblock Plus) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-29]
CHR Extension: (Google Search) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Play Music) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-18]
CHR Extension: (Forecastfox) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2011-03-03]
CHR Extension: (Disconnect) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-06]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-10-26]
CHR Extension: (Poppit!) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-19]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
StartMenuInternet: Google Chrome - C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-01] (SUPERAntiSpyware.com)
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-26] (Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S2 logonsetsvc; C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\set\logonsetsvc.exe [250024 2013-04-23] (LENOVO) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [414344 2017-11-07] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S2 ThinkPadKBSvc; C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\ThinkPadKBSvc.exe [250192 2013-03-22] (LENOVO)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-25] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.)
S0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software)
S3 gbridge; C:\WINDOWS\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-17] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-17] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-17] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-17] (Malwarebytes)
S3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R0 mv61xx; C:\WINDOWS\System32\drivers\mv61xx.sys [179752 2009-08-05] (Marvell Semiconductor, Inc.)
S2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-01-01] (CACE Technologies, Inc.)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-17 18:12 - 2017-11-17 18:15 - 000000000 ____D C:\FRST
2017-11-17 18:11 - 2017-11-17 18:12 - 000271936 _____ C:\WINDOWS\ntbtlog.txt
2017-11-17 15:50 - 2017-11-17 18:10 - 097779712 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-17 15:45 - 2017-11-17 15:50 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-11-17 00:24 - 2017-11-17 18:11 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-17 00:24 - 2017-11-17 18:11 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-17 00:24 - 2017-11-17 15:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-17 00:24 - 2017-11-17 15:54 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-17 00:24 - 2017-11-17 00:24 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-17 00:03 - 2017-11-17 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-17 00:03 - 2017-11-17 00:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-17 00:03 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-16 23:59 - 2017-11-16 23:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-11-16 23:59 - 2017-11-16 23:59 - 000000000 ____D C:\Program Files (x86)\QuickTime
2017-11-16 23:59 - 2010-11-29 14:38 - 000094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2017-11-16 23:59 - 2010-11-29 14:38 - 000069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
2017-11-16 23:58 - 2017-11-16 23:58 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-11-16 23:58 - 2017-11-16 23:58 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Sun
2017-11-16 23:57 - 2017-11-16 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-16 23:57 - 2017-11-16 23:57 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-16 23:57 - 2017-11-16 23:57 - 000000000 ____D C:\ProgramData\Oracle
2017-11-16 23:54 - 2017-11-16 23:54 - 000002024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-11-16 23:54 - 2017-11-16 23:54 - 000000000 ____D C:\Users\Eric\AppData\Roaming\AVAST Software
2017-11-16 23:53 - 2017-11-17 14:57 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-16 23:53 - 2017-11-16 23:53 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-16 23:53 - 2017-11-16 23:53 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-16 23:53 - 2017-11-16 23:53 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-16 23:52 - 2017-11-16 23:52 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-16 23:51 - 2017-11-17 08:49 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-15 18:27 - 2017-11-15 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-11-15 18:27 - 2017-11-15 18:27 - 000000000 ____D C:\Program Files (x86)\NordVPN
2017-11-15 18:09 - 2017-11-15 18:09 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 12:57 - 2017-11-15 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 20:24 - 2017-11-14 20:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-14 20:23 - 2017-11-14 20:23 - 000000000 ___HD C:\Users\Eric\MicrosoftEdgeBackups
2017-11-14 20:23 - 2017-11-14 20:23 - 000000000 ____D C:\ProgramData\USOShared
2017-11-14 20:22 - 2017-11-14 20:22 - 000000020 ___SH C:\Users\Eric\ntuser.ini
2017-11-14 20:20 - 2017-11-17 18:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 20:20 - 2017-11-17 16:44 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BD4B495-53DF-4323-90FF-A0B4FA7AFCFB}
2017-11-14 20:20 - 2017-11-14 20:25 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2962414311-339052606-3791041055-1000
2017-11-14 20:20 - 2017-11-14 20:20 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-11-14 20:20 - 2017-11-14 20:20 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-11-14 20:20 - 2017-11-14 20:20 - 000003598 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000UA
2017-11-14 20:20 - 2017-11-14 20:20 - 000003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000UA1d260af53f14d8e
2017-11-14 20:20 - 2017-11-14 20:20 - 000003438 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-14 20:20 - 2017-11-14 20:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000Core
2017-11-14 20:20 - 2017-11-14 20:20 - 000003278 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000Core1d260af53ea224d
2017-11-14 20:20 - 2017-11-14 20:20 - 000003214 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-14 20:20 - 2017-11-14 20:20 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-14 20:20 - 2017-11-14 20:20 - 000002222 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-14 20:20 - 2017-11-14 20:20 - 000002110 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2017-11-14 20:20 - 2017-11-14 20:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-11-14 20:20 - 2017-11-14 20:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-14 20:20 - 2017-11-14 20:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-11-14 20:20 - 2017-11-14 20:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-11-14 20:17 - 2017-11-14 20:17 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-11-14 20:14 - 2017-11-15 17:22 - 000000000 ____D C:\Users\Eric\AppData\Local\Packages
2017-11-14 20:14 - 2017-11-14 20:14 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-14 20:13 - 2017-11-14 20:23 - 000000000 ____D C:\Users\Eric
2017-11-14 20:13 - 2017-11-14 20:17 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-14 20:09 - 2017-11-17 18:15 - 001178376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 20:09 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-14 20:08 - 2017-11-14 20:08 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-14 20:08 - 2017-10-27 09:50 - 000532088 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-11-14 20:08 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-14 20:08 - 2017-09-13 15:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-14 20:08 - 2017-09-13 15:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-14 20:08 - 2017-09-13 15:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-14 20:08 - 2017-09-13 15:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-14 20:06 - 2017-11-17 15:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 20:06 - 2017-11-14 20:17 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 20:04 - 2017-11-14 20:22 - 000000000 ____D C:\Windows.old
2017-11-14 20:01 - 2017-11-14 20:04 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-14 20:01 - 2017-11-14 20:01 - 000000000 ___DL C:\Users\Public\Recorded TV (1)
2017-11-14 20:01 - 2017-11-14 20:01 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-11-14 20:00 - 2017-11-14 20:01 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-14 20:00 - 2017-11-14 20:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-14 19:59 - 2017-11-14 19:59 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-14 19:59 - 2017-11-14 19:59 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 19:59 - 2017-11-14 19:59 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 19:59 - 2017-11-14 19:59 - 000000000 ____D C:\WINDOWS\containers
2017-11-14 19:58 - 2017-11-14 19:59 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 19:58 - 2017-11-14 19:58 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-14 19:58 - 2017-11-14 19:58 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-14 19:58 - 2017-11-14 19:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 19:57 - 2017-11-14 19:57 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-14 19:57 - 2017-11-14 19:57 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-14 19:57 - 2017-11-14 19:57 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-14 19:57 - 2017-11-14 19:57 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-14 19:57 - 2017-11-14 19:57 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-14 19:57 - 2017-11-14 19:57 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\Program Files\MSBuild
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-14 19:57 - 2017-11-14 19:57 - 000000000 ____D C:\inetpub
2017-11-14 19:15 - 2017-11-14 20:22 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-13 02:26 - 2017-11-13 02:26 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-13 02:26 - 2017-11-13 02:26 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-13 02:26 - 2017-11-13 02:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-13 02:26 - 2017-11-13 02:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-11-11 07:56 - 2017-11-11 07:56 - 000000000 ____D C:\Users\Eric\AppData\Local\AdvinstAnalytics
2017-11-10 20:35 - 2017-11-10 20:35 - 001001704 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171110-203542.backup
2017-11-10 20:35 - 2017-11-10 19:51 - 001001793 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171110-203541.backup
2017-11-10 19:51 - 2014-01-31 21:58 - 001051738 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171110-195116.backup
2017-11-10 19:28 - 2017-11-14 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-10 19:28 - 2017-11-10 20:35 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-10 19:28 - 2017-11-10 19:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-10 19:28 - 2017-11-10 19:28 - 000001505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-10 19:28 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-11-09 20:53 - 2017-11-14 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-11-08 19:28 - 2017-10-27 09:50 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-08 19:28 - 2017-10-27 09:50 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-11-08 19:28 - 2017-10-27 09:50 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-08 19:28 - 2017-10-27 09:50 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-08 19:28 - 2017-10-27 09:50 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-08 19:27 - 2017-10-27 09:50 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-08 19:27 - 2017-10-27 09:50 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-08 19:27 - 2017-10-27 09:50 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-08 19:27 - 2017-10-27 09:50 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-08 19:27 - 2017-10-27 09:50 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-08 19:27 - 2017-10-27 09:50 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-10-26 20:38 - 2017-11-14 20:16 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-10-26 20:38 - 2017-10-26 20:38 - 000000000 ____D C:\Program Files\Bitcoin
2017-10-26 20:11 - 2017-11-14 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-10-26 20:11 - 2017-11-09 20:04 - 000000000 ____D C:\Users\Eric\AppData\Roaming\qBittorrent
2017-10-26 20:11 - 2017-10-26 20:11 - 000000000 ____D C:\Users\Eric\AppData\Local\qBittorrent
2017-10-26 20:11 - 2017-10-26 20:11 - 000000000 ____D C:\Program Files\qBittorrent
2017-10-26 19:02 - 2017-10-26 19:02 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Dropbox
2017-10-26 18:51 - 2017-11-16 18:48 - 000000000 ____D C:\Users\Eric\AppData\Local\Dropbox
2017-10-26 18:51 - 2017-11-15 12:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-26 18:51 - 2017-11-10 19:06 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-26 18:51 - 2017-11-10 19:06 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-26 18:51 - 2017-10-26 18:51 - 000000000 ____D C:\ProgramData\Dropbox
2017-10-20 10:35 - 2017-10-10 17:05 - 001796032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-10-20 10:35 - 2017-10-10 17:05 - 001577920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-10-20 10:35 - 2017-10-10 17:05 - 000918976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-10-20 10:35 - 2017-10-10 17:05 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-10-20 09:43 - 2017-11-14 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-20 09:43 - 2017-10-10 17:05 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-10-20 09:43 - 2017-10-10 17:05 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-10-20 09:43 - 2017-10-10 15:26 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-10-20 09:42 - 2017-10-27 08:36 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-20 09:40 - 2017-10-06 05:35 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438792.dll
2017-10-20 09:40 - 2017-10-06 05:35 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438792.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-20 09:34 - 2017-10-27 08:12 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-20 09:34 - 2017-10-25 02:33 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-10-20 09:28 - 2017-10-20 09:28 - 000000000 ____D C:\NVIDIA
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-17 18:11 - 2016-05-31 09:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-17 18:10 - 2017-09-29 00:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-17 17:22 - 2010-09-14 19:38 - 000000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2017-11-17 15:52 - 2016-09-26 23:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-17 15:43 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-17 15:30 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-17 15:30 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-17 08:49 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-17 00:56 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-17 00:22 - 2013-01-19 14:00 - 000000000 ____D C:\Users\Eric\Desktop\Tools
2017-11-17 00:03 - 2017-10-01 15:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-16 23:58 - 2017-07-12 21:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-16 23:58 - 2010-09-18 08:57 - 000000000 ____D C:\Program Files\Java
2017-11-16 23:57 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-16 23:57 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-16 23:57 - 2013-02-25 18:21 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-16 23:57 - 2010-09-18 08:10 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-16 23:47 - 2010-09-17 19:07 - 000000000 ____D C:\Users\Eric\AppData\Roaming\vlc
2017-11-16 21:06 - 2012-04-22 15:15 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Kodi
2017-11-15 21:24 - 2011-12-28 13:54 - 000000000 ____D C:\Users\Eric\AppData\Roaming\MediaMonkey
2017-11-15 18:27 - 2017-04-27 17:35 - 000000000 ____D C:\Users\Eric\AppData\Roaming\NordVPN
2017-11-15 18:27 - 2017-04-27 17:35 - 000000000 ____D C:\Users\Eric\AppData\Local\NordVPN
 
2017-11-15 18:13 - 2015-09-26 13:21 - 000000000 ____D C:\Users\Eric\Desktop\Media Tools
2017-11-15 17:23 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 04:48 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-14 20:25 - 2015-09-26 12:46 - 000002407 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-14 20:25 - 2015-09-26 12:46 - 000000000 ___RD C:\Users\Eric\OneDrive
2017-11-14 20:22 - 2017-09-29 07:05 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-14 20:22 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-14 20:22 - 2015-12-12 19:22 - 000000000 ___RD C:\Users\Eric\3D Objects
2017-11-14 20:22 - 2015-09-26 12:38 - 000000000 ____D C:\Users\Eric\AppData\Local\TileDataLayer
2017-11-14 20:22 - 2015-09-09 21:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-14 20:21 - 2017-09-29 00:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-14 20:20 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-14 20:20 - 2015-09-26 12:34 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-14 20:19 - 2017-09-29 05:46 - 000000000 __RSD C:\WINDOWS\media
2017-11-14 20:16 - 2017-04-01 16:32 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-11-14 20:16 - 2017-03-27 18:40 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2017-11-14 20:16 - 2013-03-14 11:33 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-14 20:16 - 2012-04-29 08:28 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2017-11-14 20:16 - 2011-01-15 14:02 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
2017-11-14 20:16 - 2011-01-15 13:58 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
2017-11-14 20:16 - 2010-10-05 17:10 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxee
2017-11-14 20:16 - 2010-09-18 06:47 - 000000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications
2017-11-14 20:16 - 2010-09-18 06:43 - 000000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
2017-11-14 20:15 - 2017-09-29 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-14 20:14 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-11-14 20:14 - 2013-01-09 19:39 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2017-11-14 20:14 - 2010-10-16 14:47 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
2017-11-14 20:09 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-14 20:09 - 2017-04-11 15:57 - 000972260 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-11-14 20:09 - 2017-04-11 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkPad Keyboard Suite
2017-11-14 20:09 - 2016-09-26 23:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-14 20:07 - 2016-09-26 23:07 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-14 20:05 - 2017-09-29 05:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-14 20:04 - 2017-09-29 05:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\IME
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\schemas
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Help
2017-11-14 20:04 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-14 20:04 - 2017-04-11 15:18 - 000000000 ____D C:\Program Files\UNP
2017-11-14 20:04 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-14 20:04 - 2017-01-01 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.1
2017-11-14 20:04 - 2016-09-26 23:07 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-14 20:04 - 2016-09-03 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-11-14 20:04 - 2016-09-03 17:13 - 000000000 ____D C:\Program Files\Intel
2017-11-14 20:04 - 2016-05-14 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-14 20:04 - 2015-03-19 21:11 - 000000000 ____D C:\WINDOWS\system32\log
2017-11-14 20:04 - 2014-11-22 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-11-14 20:04 - 2014-05-23 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-14 20:04 - 2013-09-05 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MonkeyTunes
2017-11-14 20:04 - 2013-07-26 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-14 20:04 - 2013-04-10 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2017-11-14 20:04 - 2013-03-14 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-14 20:04 - 2013-01-19 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2017-11-14 20:04 - 2013-01-17 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2017-11-14 20:04 - 2012-12-04 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey Remote Server
2017-11-14 20:04 - 2012-05-11 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-14 20:04 - 2012-05-11 19:42 - 000000000 __SHD C:\WINDOWS\system32\%APPDATA%
2017-11-14 20:04 - 2012-04-21 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-11-14 20:04 - 2011-12-28 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2017-11-14 20:04 - 2011-12-25 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-11-14 20:04 - 2011-09-25 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio
2017-11-14 20:04 - 2011-05-15 11:58 - 000000000 __SHD C:\WINDOWS\SysWOW64\%APPDATA%
2017-11-14 20:04 - 2011-04-24 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2017-11-14 20:04 - 2011-04-11 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Browser
2017-11-14 20:04 - 2011-04-11 18:39 - 000000000 ____D C:\WINDOWS\system32\SPReview
2017-11-14 20:04 - 2011-04-11 18:39 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2017-11-14 20:04 - 2011-01-17 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
2017-11-14 20:04 - 2011-01-15 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2017-11-14 20:04 - 2011-01-15 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-11-14 20:04 - 2011-01-15 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-11-14 20:04 - 2011-01-01 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-14 20:04 - 2010-10-05 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Channel Logos
2017-11-14 20:04 - 2010-09-25 07:46 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-11-14 20:04 - 2010-09-18 09:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
2017-11-14 20:04 - 2010-09-18 09:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applications
2017-11-14 20:04 - 2009-07-13 19:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-14 20:03 - 2017-09-29 05:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-14 20:01 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-14 20:01 - 2016-09-08 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend
2017-11-14 20:01 - 2013-01-19 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
2017-11-14 20:01 - 2013-01-09 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-11-14 20:01 - 2013-01-09 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
2017-11-14 20:01 - 2011-01-08 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-14 19:59 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-14 19:59 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 19:59 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-14 19:57 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-14 19:49 - 2016-09-26 22:49 - 000008192 __RSH C:\BOOTSECT.BAK
2017-11-14 19:40 - 2017-10-17 16:13 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 19:40 - 2013-07-10 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 19:39 - 2010-09-15 18:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 00:02 - 2016-10-21 21:42 - 000000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2017-11-10 19:06 - 2014-05-23 01:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-09 20:53 - 2014-12-29 18:42 - 000000000 ____D C:\Program Files (x86)\Kodi
2017-11-09 19:49 - 2011-12-28 13:53 - 000000000 ____D C:\Program Files (x86)\MediaMonkey
2017-11-03 17:25 - 2017-09-29 05:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 17:25 - 2017-09-29 05:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-27 09:50 - 2017-09-29 06:42 - 000437696 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-10-26 19:43 - 2016-09-22 21:25 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-10-23 20:30 - 2016-09-28 19:35 - 000000000 ____D C:\Users\Eric\AppData\Local\NVIDIA Corporation
2017-10-20 10:11 - 2016-09-26 21:08 - 000000000 ____D C:\Users\Eric\AppData\Local\NVIDIA
2017-10-20 10:09 - 2010-10-06 18:33 - 000000000 ____D C:\Users\Eric\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2010-10-17 18:40 - 2015-09-10 05:27 - 000224256 _____ () C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-16 17:38 - 2010-09-16 17:38 - 000000017 _____ () C:\Users\Eric\AppData\Local\resmon.resmoncfg
2012-01-21 20:05 - 2012-01-21 20:05 - 000001955 _____ () C:\Users\Eric\AppData\Local\Temp1.html
2012-01-21 20:06 - 2012-01-21 20:06 - 000026842 _____ () C:\Users\Eric\AppData\Local\Temp20.html
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-14 20:06
 
==================== End of FRST.txt ============================

Edited by ek0552, 17 November 2017 - 11:36 PM.


#2 ek0552

ek0552
  • Topic Starter

  • Members
  • 8 posts

Posted 17 November 2017 - 10:58 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
Ran by Eric (17-11-2017 18:16:24)
Running from D:\My Files\Downloads
Windows 10 Pro Version 1709 16299.64 (X64) (2017-11-15 04:22:40)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2962414311-339052606-3791041055-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2962414311-339052606-3791041055-503 - Limited - Disabled)
Eric (S-1-5-21-2962414311-339052606-3791041055-1000 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-2962414311-339052606-3791041055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2962414311-339052606-3791041055-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2962414311-339052606-3791041055-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Unbox Video (HKLM-x32\...\{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.1.0.126 - Amazon.com) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.1.0.126 - Amazon.com)
AOMEI Partition Assistant Standard Edition 6.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1363.0 - Microsoft Corporation)
Bing Bar Platform (HKLM-x32\...\{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}) (Version: 5.0.1423.0 - Microsoft Corporation) Hidden
Bitcoin Core (64-bit) (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Bitcoin Core (64-bit)) (Version: 0.15.0 - Bitcoin Core project)
Bonjour (HKLM\...\{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}) (Version: 2.0.3.0 - Apple Inc.)
Boxee (HKLM-x32\...\BOXEE) (Version:  - Boxee)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform) <==== ATTENTION
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 2 - Your Mom)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DiskCheckup v3.1 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.1.1005 - PassMark Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.03.03 - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Google Chrome (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.00.00 - ASUS)
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{0C682623-8F66-46A8-B9B3-93FE1E66A001}) (Version: 10.1.1.4 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java™ 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Kodi (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Kodi) (Version:  - XBMC-Foundation)
MakeMKV v1.7.4 (HKLM-x32\...\MakeMKV) (Version: v1.7.4 - GuinpinSoft inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7100 - Marvell)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Media Browser (HKLM-x32\...\{89A08369-DD80-41C6-966E-A8A057B03FFF}) (Version: 2.3.2.0 - Media Browser)
MediaInfo 0.7.57 (HKLM\...\MediaInfo) (Version: 0.7.57 - MediaArea.net)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey Remote Server version 1.5.282B (HKLM-x32\...\{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1) (Version: 1.5.282B - Erlend Dahl)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
MonkeyTunes 1.7.5.1 (HKLM-x32\...\{5285987F-41E8-49B5-9143-72FE789C3FC8}_is1) (Version:  - Melloware Inc)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
My Channel Logos (HKLM\...\{85114F07-92FC-4B51-BBAA-AAFCB8F1E71C}) (Version: 1.22 -  My Channel Logos)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
NordVPN (HKLM-x32\...\{A18D9494-DE67-414D-8E9E-B65A91DD90E6}) (Version: 6.8.10 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.8.10) (Version: 6.8.10 - NordVPN)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Passware Kit Forensic 10.1 (HKLM-x32\...\{8F54D841-4334-49BC-AAB0-6DC4586CE812}) (Version: 10.1.1986 - Passware)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.3.16 (HKLM-x32\...\qBittorrent) (Version: 3.3.16 - The qBittorrent project)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
SABnzbd 2.3.1 (HKLM-x32\...\SABnzbd) (Version: 2.3.1 - The SABnzbd Team)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
ThinkPad Compact Keyboard with TrackPoint driver (HKLM-x32\...\{CF48A022-4ACC-465A-9441-4069BDCCDCAE}) (Version: 1.5.1.0 - Lenovo)
Transcend SSD Scope version 3.3.0 (HKLM-x32\...\{AD8E7B8B-EAD8-4B9F-882E-7970ABFACE34}_is1) (Version: 3.3.0 - Transcend Information, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhoCrashed 3.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.9.2 - Shark007)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.62 - Christoph Grether)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
x64 Components v2.9.4 (HKLM\...\x64 Components_is1) (Version: 2.9.4 - Shark007)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\ChromeHTML: -> C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01EBD609-F1A4-4354-BFAD-F869F8F7AEF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {021C1AA9-98CA-4C24-A9C5-15C10FC73ED5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {0584ABBF-CB3C-4635-9A81-FBD8F6B6F34F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {060CBD35-3D75-4A82-92EB-9D1EB478B185} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0D9D9401-A09C-4769-B7F6-4D4F378A6DA5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0E56DA47-B8C5-4C0F-8987-2853D95BA551} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0F31F9EA-B3D4-45AC-8674-83200A3CAB00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {169A98AD-A0D9-4862-B2A6-816763739442} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {17FB9F36-8F99-4604-9B2C-52DFD905D28D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {1CC78FCF-99BC-440E-81D5-1D88C4D4B02B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1E7DC61F-7BDE-40CC-B889-C1FE68CB0D56} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {210A4E44-0C6B-428E-8AE2-334164C6AA58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000UA => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {21E1BA98-6C78-41A0-89CA-4F418BD6925A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {246E7A1B-1620-49C8-9BD5-91C4474067D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29AE88D6-654E-46E7-90E7-2A75945839AA} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {2A230061-49F9-4588-BC4A-9F295A1547DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2C068336-8EE5-4643-8F51-F84A31DB541C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CF90C14-3187-4367-A497-C631B76A8C13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {30420BF1-DD03-47C8-B348-9D8D8AF39C31} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C1B8971-7A54-4553-9F22-C14B0BC147C4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E0095ED-4513-4522-9632-FF3DB4B26EF7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E0E0F43-3E85-47F0-AF29-BD07012FD069} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-26] (Dropbox, Inc.)
Task: {442FAA20-7024-41EE-98D9-4EA081C0E8AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-14] (Microsoft Corporation)
Task: {4DA124B3-8A22-4678-BB81-DD7AD89F5EC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DC5180F-76E0-466C-8FFC-9272ED9E0F95} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F87C871-CF05-44B8-9CED-3F640EA76D84} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-10-08] (ASUSTeK Computer Inc.)
Task: {545144E8-2858-43B3-BEAD-0F064F4B889D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {57480D60-F815-4B14-9474-DE3B15FC4AEB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {575E4413-3992-4B81-A45F-CDF889EF4B3B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5792FFF3-60CF-45A3-8300-372FA0BE7670} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {656C446E-A094-457A-9620-977AF9F64D3D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-16] (AVAST Software)
Task: {675A63EC-7299-47C6-8C51-C27B1DD99BC7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {746A7035-D228-4AE3-94D7-E88DB55C6A98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000Core1d260af53ea224d => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {772B8551-4EE1-4048-AB72-2D2CD30AE3E8} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {7C2A7B05-DC5B-42DE-A285-44D92145EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7FF3268E-0C4D-4F51-BD2F-DB7A0F8286C3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82A37E06-BE0E-4D10-B3AF-9A13547D630C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9042E1B1-91D3-43A8-8F40-F04E0A2903D6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {98203EFA-0796-4DE1-BCF7-D669E3251041} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {990DEAA7-15D4-4F50-8F2F-7768CEC028F0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-16] (Adobe Systems Incorporated)
Task: {A38A6D5E-D284-44A7-A9E6-4CF181DDDBE9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A3CE165B-1E1E-43DD-AC6B-2B7BFDAF6CAE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {AB396A25-F8C4-4854-8FE2-9A4B09617B59} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC791526-5E3D-44F9-8FEA-897EB9F4FF8C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B25629F6-FA18-4FDB-BD28-C29C1520C8D7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {B4B98FAF-3771-420C-BDDC-8B370F97A949} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-12-01] (ASUSTeK Computer Inc.)
Task: {BCC03B91-63E1-469A-8E04-9CA42729A8A3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE9F2FDA-DE96-44A2-879D-00B86F0CCDC0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BEA6730F-AC51-499D-B8EF-16AFEE0F977A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [2017-08-03] (Piriform Ltd)
Task: {C03E4F3E-A398-4D46-931C-098505E77FAD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-26] (Dropbox, Inc.)
Task: {C4D5E1BF-5005-4E2B-AE0C-39676D76A01F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C4FD8088-3E99-4D05-8194-92A900FEE860} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {C8CB915E-34EB-40B0-B33B-0E809BAAA315} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CE769C18-C589-4118-A220-F52632BAA95E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000Core => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {CED99919-8CF9-4A6D-97BE-D0398FFFF215} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000UA1d260af53f14d8e => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {D0D1D43E-6850-4D5F-9E9A-1B30623A424E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8D1FAE3-D6D1-4124-95B6-350F13334755} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {DA8144CE-3809-4FD6-91D6-4CD992A0AB0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DFDA172F-1DE0-4ACD-8D2A-B43E7A244469} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {E5D56A5E-6A63-44CA-8C26-63D19158CAF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000Core.job => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2962414311-339052606-3791041055-1000UA.job => C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-17 00:03 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 05:42 - 2017-09-29 06:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 05:42 - 2017-09-29 06:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-11 22:14 - 2017-11-11 22:14 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 22:14 - 2017-11-11 22:14 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7937 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-01-14 13:43 - 2017-11-10 20:35 - 001001648 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 29891 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\Control Panel\Desktop\\Wallpaper -> C:\System Tools\System Files\Wallpapers\Earth-at-night-view-from-space-4k-wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: Gbridge => "C:\Program Files (x86)\Gbridge LLC\Gbridge\pstartw.exe" "C:\Program Files (x86)\Gbridge LLC\Gbridge\Gbridge.exe" -autostart
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2962414311-339052606-3791041055-1000\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{89A37BAD-AFEC-4547-993C-2151436C237A}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{770ED787-339A-4631-9A55-F5AD94358CAF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{E9A2F2AF-E90F-4DC4-A01F-91E396AD1C64}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [UDP Query User{8DCB0A4B-6E94-435A-8E3F-48BFC1AFAE07}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{64F39435-A55F-4D92-8069-777C6BF2B2F1}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{DCD99857-E32D-44C4-9F0A-228A71744278}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{8338C499-F1CA-4510-8B67-496123FD09D1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{302EB93B-902D-4AD3-A495-B60DD255388E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2847A95F-75E9-4AD7-A65B-9B2C75D16963}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4B60D7F-4670-4ABE-8089-3E0A85DA0944}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66047273-4884-44AD-B1AD-3C42E8CA7BE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{78AC32F2-2049-4705-B095-3E072F4C8AA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6DE8513C-0286-4918-B5A6-EBF3957E8860}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{6CE00F5A-E439-4733-BABC-DB880B78971F}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{8C4A7DD6-F8BB-4AEA-AE80-85225057212D}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{4F21C167-63B3-48FF-800B-E5F705998DA3}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{505328B4-BAF3-43EE-9AB2-351E822C12E1}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{9C4DFDB7-698D-4998-B567-F571F4F3A912}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EBEB9FA-EE42-4894-9401-F5CC73223527}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F58830B2-5904-4B69-BD00-72AB105700C8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{567032C3-BD30-4C04-BC49-11D8ACF736AE}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{5430D3FF-2682-4D92-BCDF-AC37AA03D08E}C:\users\eric\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eric\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7E346402-037F-41BC-B038-875C1E34E8BC}C:\users\eric\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eric\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1DC89C46-BBB3-4AEB-99E2-C2ABF2E085EC}C:\users\eric\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\eric\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{53EC4CF3-A128-494F-B38A-C5F6F88EF883}C:\users\eric\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\eric\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{A04894C0-C7C1-4FB2-8EE1-70EF86901467}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{899A984C-0037-4530-AFD5-534A31229CB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9FA17B7D-6B1D-48F1-A4EA-00D0E97E6A00}] => (Allow) LPort=3689
FirewallRules: [UDP Query User{DDA51A36-C4CA-48B6-8BFE-448B8DA6C179}C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe] => (Block) C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [TCP Query User{5B319E25-1E46-4633-9930-631FC407E73A}C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe] => (Block) C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [UDP Query User{7073085C-5FB4-4F9D-9995-1DC116977EA1}C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [TCP Query User{36215BA0-965B-4090-AA87-90C39A0CB3EF}C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\eric\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{361355A5-00DF-412D-B3CE-5B9B3B635C8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E90ACD79-BCCF-4B60-8C92-064815C03085}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{33E03D24-0DBB-419E-8C86-28D9E63B653C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12C905F7-B4AF-4749-B6CE-AFD222E843C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{9D140CB7-FE24-4494-9C62-2F85C66B754B}C:\program files (x86)\couchpotato\couchpotato.exe] => (Allow) C:\program files (x86)\couchpotato\couchpotato.exe
FirewallRules: [TCP Query User{BD392B37-1239-46A6-9F17-E062141E726C}C:\program files (x86)\couchpotato\couchpotato.exe] => (Allow) C:\program files (x86)\couchpotato\couchpotato.exe
FirewallRules: [UDP Query User{A106F906-83A0-4ABD-8DE7-DCF8464C904F}C:\users\eric\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eric\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{DF18C732-6989-496E-BA1A-BF0F94981BBB}C:\users\eric\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eric\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{20BF6FE1-769B-4661-A997-EF4C5AB85893}C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe] => (Block) C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [TCP Query User{0F76731F-9B96-4384-BD00-6DE266F91AAE}C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe] => (Block) C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [UDP Query User{08F92AB7-DDC9-466E-A94F-57290F535E88}C:\users\eric\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eric\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{41C6C353-76BE-4640-B79F-102AD8386E93}C:\users\eric\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eric\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7463C8F6-F74B-44E4-9FE8-542E0D65A821}C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe] => (Allow) C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [TCP Query User{427A0AC8-A1E6-4798-9A98-F9A01EDECA78}C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe] => (Allow) C:\program files (x86)\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [UDP Query User{B3DF6DB6-A1B4-4199-9ACD-91A21C16653E}C:\python27\python.exe] => (Block) C:\python27\python.exe
FirewallRules: [TCP Query User{A3618058-E6D9-4ED2-B291-DD3CC88631CA}C:\python27\python.exe] => (Block) C:\python27\python.exe
FirewallRules: [UDP Query User{F470E3E3-111A-494A-8CE4-AC7DF7B57D68}D:\sickbeard\sickbeard.exe] => (Block) D:\sickbeard\sickbeard.exe
FirewallRules: [TCP Query User{1108B7AA-1ABA-468E-8D89-42B9CB9473B6}D:\sickbeard\sickbeard.exe] => (Block) D:\sickbeard\sickbeard.exe
FirewallRules: [UDP Query User{E00FFD63-3961-4735-ADCC-0D3664CFADB5}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [TCP Query User{E9D1ED69-0F50-4FD5-B4C0-1DBA136D969B}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{FBFF802B-31C0-4C47-A2A6-4A4914A7E06D}D:\sickbeard\sickbeard.exe] => (Allow) D:\sickbeard\sickbeard.exe
FirewallRules: [TCP Query User{6BC2F0F6-CD9E-45FF-9F0F-7374FE306937}D:\sickbeard\sickbeard.exe] => (Allow) D:\sickbeard\sickbeard.exe
FirewallRules: [{B1D1BA77-7D95-4FA6-87F8-790A0FE039A4}] => (Allow) LPort=9083
FirewallRules: [{B34EB6F8-63AA-4B3C-AFFD-7435496DA8F2}] => (Allow) LPort=9083
FirewallRules: [{525783EB-BB3C-46BB-8828-50A27ED418A9}] => (Allow) LPort=9082
FirewallRules: [{7EE6FA98-6ED1-456B-94EC-C2FCA8400F37}] => (Allow) LPort=9082
FirewallRules: [{47E1E5C2-042F-4411-AEE8-B885DAADE53B}] => (Allow) LPort=9081
FirewallRules: [{E83DE6F0-F781-446F-9AC3-F9B2ED36EDCE}] => (Allow) LPort=9081
FirewallRules: [{DB355341-DD0C-4624-A801-39787195D95E}] => (Allow) LPort=9080
FirewallRules: [{4C64F6FA-2BD5-435A-A3C0-E640DE35F849}] => (Allow) LPort=9083
FirewallRules: [{314D8CCF-02C8-4FEF-92D7-D820B6BBBB56}] => (Allow) LPort=9083
FirewallRules: [{E0C23B5E-02E1-4886-BF37-1166955AE8FD}] => (Allow) LPort=9082
FirewallRules: [{6C48D077-574F-4EDD-A357-102DAA302FBA}] => (Allow) LPort=9082
FirewallRules: [{DE8F3AF6-129C-4144-A0D9-DB779316F451}] => (Allow) LPort=9081
FirewallRules: [{AC7E8777-914D-4706-929D-EBA3E9D39C66}] => (Allow) LPort=9081
FirewallRules: [{A4177FF7-1C5C-4737-8AC1-F8D4D51BCDD9}] => (Allow) LPort=9080
FirewallRules: [UDP Query User{AF42D6F5-EF96-4634-9361-F2A07422B880}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{8F84D51B-D6F0-42C8-8ACF-227615B121B4}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{999E1593-A1A4-46CE-AC38-35DE5AEFCBEE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{C6BAA5B4-ADDA-4CB7-9D2A-C0D45041BEE5}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{5E8E53D7-2D2A-4F14-9CBE-290F82A04826}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{E9C068B7-E815-4216-A013-91C3B3CB3A27}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{3CFF8D98-8B5A-44A8-8D32-3AD26743E270}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{613D978E-77D5-4459-BD8B-EA1998F712F7}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [{50EFB863-873A-4B17-A191-126D275FF8DE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D607D945-26B1-4D29-B01A-594963EA2EE4}] => (Allow) LPort=10777
FirewallRules: [UDP Query User{6591344F-9A88-4CE9-A7EF-E3E47E10AE68}C:\program files (x86)\boxee\boxee.exe] => (Allow) C:\program files (x86)\boxee\boxee.exe
FirewallRules: [TCP Query User{463F8542-7D75-4004-A18E-AA61FEA9A3D1}C:\program files (x86)\boxee\boxee.exe] => (Allow) C:\program files (x86)\boxee\boxee.exe
FirewallRules: [{588A08DD-8A95-4424-86A0-3F689AE93F98}] => (Allow) LPort=5016
FirewallRules: [{2A32F106-421F-467D-B1F5-50CE984C688D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hard Reset Redux\launcher.exe
FirewallRules: [{152FC0A4-9BE3-4D61-8272-34624DB4F159}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hard Reset Redux\launcher.exe
FirewallRules: [TCP Query User{0BA6B2F2-AF6F-4489-B496-FC7C5C92CF8C}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{19F1C485-E05A-4DFE-96BF-3569CF590844}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{38B23C40-174B-43C4-A185-2BA3ECB482C7}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5EBA7F4A-7462-4966-950A-87F5FC508433}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3BFCB8F2-D861-4C8B-954F-A12C37FD805C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2C7D45BA-FB7D-41DE-8B97-A2827D592171}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{AE5C3E7A-3949-43B4-B982-F854E2869C5D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{88B90378-55BE-4212-BD11-BE94185177F8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{0C368819-7D72-4BFE-B99A-7FEC40927D98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{13748767-F689-4E86-8769-CE8A158D7EEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{7A6901A7-A70C-4F9C-90EE-5AC7E89ED82A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{70A91C59-8F50-4842-B709-45ED070CBDB6}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [TCP Query User{EC535835-C238-4D26-8AE8-A168176AE4B1}C:\program files\sabnzbd\sabnzbd.exe] => (Block) C:\program files\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{1D9837ED-05F9-4E9E-BFE4-FBD98F433A6B}C:\program files\sabnzbd\sabnzbd.exe] => (Block) C:\program files\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{5575D863-0634-4C07-B6B1-754CF3E31156}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{96F96B97-ED54-41E5-BA85-176E788C41FB}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2017 05:39:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 740: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (11/17/2017 08:39:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/17/2017 08:39:03 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (11/17/2017 08:39:02 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (11/17/2017 08:39:02 AM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.
 
Error: (11/17/2017 12:28:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/17/2017 12:28:44 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (11/17/2017 12:28:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/17/2017 12:28:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/17/2017 12:28:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (11/17/2017 06:16:55 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (11/17/2017 06:16:24 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/17/2017 06:16:06 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/17/2017 06:15:52 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/17/2017 06:14:00 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (11/17/2017 06:12:21 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/17/2017 06:12:09 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/17/2017 06:12:09 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/17/2017 06:12:09 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/17/2017 06:12:09 PM) (Source: DCOM) (EventID: 10005) (User: ERIC-HTPC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-11-17 18:07:06.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:07:06.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:06:57.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:06:57.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:06:53.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:06:53.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:00:10.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 18:00:10.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 17:45:11.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-17 17:45:11.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 661 @ 3.33GHz
Percentage of memory in use: 29%
Total physical RAM: 3966.04 MB
Available physical RAM: 2795.96 MB
Total Virtual: 7934.04 MB
Available Virtual: 6949.22 MB
 
==================== Drives ================================
 
Drive c: (Win10 SSD) (Fixed) (Total:118.8 GB) (Free:17.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data Disk) (Fixed) (Total:465.66 GB) (Free:84.31 GB) NTFS
Drive e: (Library A) (Fixed) (Total:1863.01 GB) (Free:162.2 GB) NTFS
Drive f: (Library B) (Fixed) (Total:2794.39 GB) (Free:33.6 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 66519F5E)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A90B3ADC)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=465.7 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D6C08F91)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 ek0552

Posted 18 November 2017 - 12:18 AM

Quick updates: 

  • Discovered source of the changing .tmp files: Microsoft's seaport.exe. I disabled this in services and tmp files are no longer generating.
  • MBAR came up clean. But I just uninstalled Avast and replaced it with Webroot SecureAnywhere. Upon a first scan, I was okay, but restarted, and then did another scan, and it found a "Caution.Rootkit" infection in "System\CurrentControlSet\Services\MzqhFjx"  :smash:  Are my heuristics set too high? I think I'm going to stop for now until I get some professional help before I break things beyond repair... 

Edited by ek0552, 18 November 2017 - 03:31 AM.


#4 nasdaq

  • Malware Response Team

Posted 18 November 2017 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform) <==== ATTENTION
This version was compromised. Get the latest version.
https://www.piriform.com/ccleaner/download

These old versions should be removed.
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
====

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
GroupPolicy: Restriction <==== ATTENTION
CHR Extension: (Poppit!) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-19]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {01EBD609-F1A4-4354-BFAD-F869F8F7AEF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0584ABBF-CB3C-4635-9A81-FBD8F6B6F34F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {169A98AD-A0D9-4862-B2A6-816763739442} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {21E1BA98-6C78-41A0-89CA-4F418BD6925A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2CF90C14-3187-4367-A497-C631B76A8C13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4DA124B3-8A22-4678-BB81-DD7AD89F5EC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7C2A7B05-DC5B-42DE-A285-44D92145EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {98203EFA-0796-4DE1-BCF7-D669E3251041} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BE9F2FDA-DE96-44A2-879D-00B86F0CCDC0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C8CB915E-34EB-40B0-B33B-0E809BAAA315} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DA8144CE-3809-4FD6-91D6-4CD992A0AB0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5D56A5E-6A63-44CA-8C26-63D19158CAF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any remaining issues.

#5 ek0552

  • Topic Starter

Posted 18 November 2017 - 12:51 PM

Thanks for helping, nasdaq. Here is the log output. Do you think I avoided infection? Anything else I should do to make sure there is nothing lurking anywhere?

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Eric (18-11-2017 09:44:03) Run:1
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
GroupPolicy: Restriction <==== ATTENTION
CHR Extension: (Poppit!) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-19]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {01EBD609-F1A4-4354-BFAD-F869F8F7AEF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0584ABBF-CB3C-4635-9A81-FBD8F6B6F34F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {169A98AD-A0D9-4862-B2A6-816763739442} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {21E1BA98-6C78-41A0-89CA-4F418BD6925A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2CF90C14-3187-4367-A497-C631B76A8C13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4DA124B3-8A22-4678-BB81-DD7AD89F5EC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7C2A7B05-DC5B-42DE-A285-44D92145EB4F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {98203EFA-0796-4DE1-BCF7-D669E3251041} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BE9F2FDA-DE96-44A2-879D-00B86F0CCDC0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C8CB915E-34EB-40B0-B33B-0E809BAAA315} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DA8144CE-3809-4FD6-91D6-4CD992A0AB0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5D56A5E-6A63-44CA-8C26-63D19158CAF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
"C:\windows\system32\nvinitx.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Poppit!) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-19] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => key removed successfully
HKU\S-1-5-21-2962414311-339052606-3791041055-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01EBD609-F1A4-4354-BFAD-F869F8F7AEF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01EBD609-F1A4-4354-BFAD-F869F8F7AEF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0584ABBF-CB3C-4635-9A81-FBD8F6B6F34F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0584ABBF-CB3C-4635-9A81-FBD8F6B6F34F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{169A98AD-A0D9-4862-B2A6-816763739442} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169A98AD-A0D9-4862-B2A6-816763739442} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21E1BA98-6C78-41A0-89CA-4F418BD6925A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21E1BA98-6C78-41A0-89CA-4F418BD6925A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CF90C14-3187-4367-A497-C631B76A8C13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF90C14-3187-4367-A497-C631B76A8C13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA124B3-8A22-4678-BB81-DD7AD89F5EC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA124B3-8A22-4678-BB81-DD7AD89F5EC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C2A7B05-DC5B-42DE-A285-44D92145EB4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C2A7B05-DC5B-42DE-A285-44D92145EB4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98203EFA-0796-4DE1-BCF7-D669E3251041} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98203EFA-0796-4DE1-BCF7-D669E3251041} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE9F2FDA-DE96-44A2-879D-00B86F0CCDC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9F2FDA-DE96-44A2-879D-00B86F0CCDC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8CB915E-34EB-40B0-B33B-0E809BAAA315} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8CB915E-34EB-40B0-B33B-0E809BAAA315} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA8144CE-3809-4FD6-91D6-4CD992A0AB0E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA8144CE-3809-4FD6-91D6-4CD992A0AB0E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5D56A5E-6A63-44CA-8C26-63D19158CAF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5D56A5E-6A63-44CA-8C26-63D19158CAF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28204725 B
Java, Flash, Steam htmlcache => 163759786 B
Windows/system/drivers => 2250218 B
Edge => 12973 B
Chrome => 90909423 B
Firefox => 42172136 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 39284 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Eric => 10287666 B
DefaultAppPool => 33058 B
 
RecycleBin => 0 B
EmptyTemp: => 329.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:44:39 ====
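
The Fixlog above mixes successful removals, keys that were already gone, and one entry FRST could not fix. The following is an added example, not part of the original posts and not FRST's own code: a small triage script that groups result lines by outcome and lists the entries that still need attention. The category names and the embedded sample are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: one line per kind of outcome, copied from the Fixlog above.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
fixlist content:
*****************
start
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
U3 idsvc; no ImagePath
End
*****************
Restore point was successfully created.
"C:\windows\system32\nvinitx.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Poppit!) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-19] => Error: No automatic fix found for this entry.
idsvc => service removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
=========== EmptyTemp: ==========
Chrome => 90909423 B
EmptyTemp: => 329.5 MB temporary data Removed.
==== End of Fixlog 09:44:39 ====
"""


def classify(outcome):
    """Map the text after '=>' to a category (category names are hypothetical)."""
    o = outcome.strip().lower()
    if o.startswith("error"):
        return "failed"      # FRST could not apply the fix
    if "not found" in o:
        return "absent"      # target was already gone
    if "successfully" in o:
        return "fixed"       # removed or moved
    if re.match(r"[\d.]+ [kmg]?b\b", o):
        return "temp"        # EmptyTemp size report, informational only
    return "review"          # anything unrecognised gets a human look


def parse_fixlog(text):
    """Return [(target, outcome, category)] for every result line in a Fixlog."""
    entries = []
    in_echo = False  # True while inside the echoed 'fixlist content' block
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            # Rows of asterisks open and close the echoed fixlist; its
            # '=> No File' lines are input, not results, so skip them.
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        entries.append((target.strip(), outcome.strip(), classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per category."""
    return Counter(category for _, _, category in entries)


def needs_followup(entries):
    """Entries that were not fixed automatically or could not be classified."""
    return [e for e in entries if e[2] in ("failed", "review")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for category, count in sorted(summarize(parsed).items()):
        print(f"{category:7} {count}")
    for target, outcome, _ in needs_followup(parsed):
        print("FOLLOW UP:", target, "=>", outcome)
```

Run against the full Fixlog, the only follow-up item is the Poppit! Chrome extension, which FRST reports it has no automatic fix for.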


#6 nasdaq

  • Malware Response Team

Posted 18 November 2017 - 02:12 PM

Hi,

I think so. Just to be on the safe side, run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

#7 ek0552

  • Topic Starter

Posted 18 November 2017 - 02:23 PM

I downloaded and installed it no problem, but I got an error message when it was trying to update saying that the tool cannot be started and to see the log file. I don't see any log file generated... any thoughts?



#8 ek0552

  • Topic Starter

Posted 18 November 2017 - 02:27 PM

I just tried to reinstall it again, but the setup file now says "Error 1606.Could not access network location data." It gave me an option to view the log before quitting the installer:

 

=== Verbose logging started: 11/18/2017  11:24:24  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\WINDOWS\SysWOW64\msiexec.exe ===
MSI © (24:8C) [11:24:24:733]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
 
MSI © (24:8C) [11:24:24:733]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
 
MSI © (24:D0) [11:24:24:749]: Resetting cached policy values
MSI © (24:D0) [11:24:24:749]: Machine policy value 'Debug' is 0
MSI © (24:D0) [11:24:24:749]: ******* RunEngine:
           ******* Product: C:\Users\Eric\AppData\Local\Temp\nsq753B.tmp.dir\Sophos Virus Removal Tool.msi
           ******* Action: 
           ******* CommandLine: **********
MSI © (24:D0) [11:24:24:749]: Machine policy value 'DisableUserInstalls' is 0
MSI © (24:D0) [11:24:24:812]: Cloaking enabled.
MSI © (24:D0) [11:24:24:812]: Attempting to enable all disabled privileges before calling Install on Server
MSI © (24:D0) [11:24:24:827]: End dialog not enabled
MSI © (24:D0) [11:24:24:827]: Original package ==> C:\Users\Eric\AppData\Local\Temp\nsq753B.tmp.dir\Sophos Virus Removal Tool.msi
MSI © (24:D0) [11:24:24:827]: Package we're running from ==> C:\WINDOWS\Installer\551eb7.msi
MSI © (24:D0) [11:24:24:827]: APPCOMPAT: Uninstall Flags override found.
MSI © (24:D0) [11:24:24:827]: APPCOMPAT: Uninstall VersionNT override found.
MSI © (24:D0) [11:24:24:827]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI © (24:D0) [11:24:24:827]: APPCOMPAT: looking for appcompat database entry with ProductCode '{B829E117-D072-41EA-9606-9826A38D34C1}'.
MSI © (24:D0) [11:24:24:827]: APPCOMPAT: no matching ProductCode found in database.
MSI © (24:D0) [11:24:24:858]: MSCOREE not loaded loading copy from system32
MSI © (24:D0) [11:24:24:874]: Machine policy value 'DisablePatch' is 0
MSI © (24:D0) [11:24:24:874]: Machine policy value 'AllowLockdownPatch' is 0
MSI © (24:D0) [11:24:24:874]: Machine policy value 'DisableLUAPatching' is 0
MSI © (24:D0) [11:24:24:874]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI © (24:D0) [11:24:24:874]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
MSI © (24:D0) [11:24:24:874]: APPCOMPAT: looking for appcompat database entry with ProductCode '{B829E117-D072-41EA-9606-9826A38D34C1}'.
MSI © (24:D0) [11:24:24:874]: APPCOMPAT: no matching ProductCode found in database.
MSI © (24:D0) [11:24:24:874]: Transforms are not secure.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Eric\AppData\Local\Temp\MSIa7d87.LOG'.
MSI © (24:D0) [11:24:24:874]: Command Line: CURRENTDIRECTORY=C:\Users\Eric\AppData\Local\Temp\nsq753B.tmp.dir CLIENTUILEVEL=0 CLIENTPROCESSID=8740 
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{301F9BA2-812F-434E-9975-D8DE90C67CBE}'.
MSI © (24:D0) [11:24:24:874]: Product Code passed to Engine.Initialize:           '{B829E117-D072-41EA-9606-9826A38D34C1}'
MSI © (24:D0) [11:24:24:874]: Product Code from property table before transforms: '{B829E117-D072-41EA-9606-9826A38D34C1}'
MSI © (24:D0) [11:24:24:874]: Product Code from property table after transforms:  '{B829E117-D072-41EA-9606-9826A38D34C1}'
MSI © (24:D0) [11:24:24:874]: Product registered: entering maintenance mode
MSI © (24:D0) [11:24:24:874]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI © (24:D0) [11:24:24:874]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI © (24:D0) [11:24:24:874]: Specifed source is not already in a list.
MSI © (24:D0) [11:24:24:874]: User policy value 'SearchOrder' is 'nmu'
MSI © (24:D0) [11:24:24:874]: Machine policy value 'DisableBrowse' is 0
MSI © (24:D0) [11:24:24:874]: Machine policy value 'AllowLockdownBrowse' is 0
MSI © (24:D0) [11:24:24:874]: Adding new sources is allowed.
MSI © (24:D0) [11:24:24:874]: Package name retrieved from configuration data: 'Sophos Virus Removal Tool.msi'
MSI © (24:D0) [11:24:24:874]: Note: 1: 2262 2: AdminProperties 3: -2147287038 
MSI © (24:D0) [11:24:24:874]: Machine policy value 'DisableMsi' is 0
MSI © (24:D0) [11:24:24:874]: Machine policy value 'AlwaysInstallElevated' is 0
MSI © (24:D0) [11:24:24:874]: User policy value 'AlwaysInstallElevated' is 0
MSI © (24:D0) [11:24:24:874]: Product {B829E117-D072-41EA-9606-9826A38D34C1} is admin assigned: LocalSystem owns the publish key.
MSI © (24:D0) [11:24:24:874]: Product {B829E117-D072-41EA-9606-9826A38D34C1} is managed.
MSI © (24:D0) [11:24:24:874]: Running product '{B829E117-D072-41EA-9606-9826A38D34C1}' with elevated privileges: Product is assigned.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\Eric\AppData\Local\Temp\nsq753B.tmp.dir'.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '8740'.
MSI © (24:D0) [11:24:24:874]: TRANSFORMS property is now: 
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI © (24:D0) [11:24:24:874]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\Favorites
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: D:\My Files\My Documents
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Recent
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\SendTo
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Local
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: D:\My Files\My Pictures
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\Users\Eric\Desktop
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI © (24:D0) [11:24:24:874]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI © (24:D0) [11:24:24:874]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 32 
MSI © (24:D0) [11:24:24:890]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI © (24:D0) [11:24:24:890]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Eric'.
MSI © (24:D0) [11:24:24:890]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2 
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding Installed property. Its value is '2017/09/25 03:42:32'.
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\WINDOWS\Installer\551eb7.msi'.
MSI © (24:D0) [11:24:24:890]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\Eric\AppData\Local\Temp\nsq753B.tmp.dir\Sophos Virus Removal Tool.msi'.
MSI © (24:D0) [11:24:24:890]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI © (24:8C) [11:24:24:890]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
=== Logging started: 11/18/2017  11:24:24 ===
MSI © (24:D0) [11:24:24:905]: Note: 1: 2205 2:  3: PatchPackage 
MSI © (24:D0) [11:24:24:905]: Machine policy value 'DisableRollback' is 0
MSI © (24:D0) [11:24:24:905]: User policy value 'DisableRollback' is 0
MSI © (24:D0) [11:24:24:905]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
MSI © (24:D0) [11:24:24:905]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038 
MSI © (24:D0) [11:24:24:905]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI © (24:D0) [11:24:24:905]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI © (24:D0) [11:24:24:905]: Doing action: INSTALL
Action 11:24:24: INSTALL. 
Action start 11:24:24: INSTALL.
MSI © (24:D0) [11:24:24:921]: UI Sequence table 'InstallUISequence' is present and populated.
MSI © (24:D0) [11:24:24:921]: Running UISequence
MSI © (24:D0) [11:24:24:921]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
MSI © (24:D0) [11:24:24:921]: Doing action: AppSearch
Action 11:24:24: AppSearch. Searching for installed applications
Action start 11:24:24: AppSearch.
MSI © (24:D0) [11:24:24:921]: Note: 1: 2205 2:  3: AppSearch 
MSI © (24:D0) [11:24:24:921]: Note: 1: 2228 2:  3: AppSearch 4: SELECT `Property`, `Signature_` FROM `AppSearch` 
Action ended 11:24:24: AppSearch. Return value 0.
MSI © (24:D0) [11:24:24:921]: Skipping action: LaunchConditions (condition is false)
MSI © (24:D0) [11:24:24:921]: Doing action: SetupInitialization
Action 11:24:24: SetupInitialization. 
Action start 11:24:24: SetupInitialization.
MSI © (24:D0) [11:24:24:921]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetupInitialization' 
Info 2898.For Tahoma8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2898.For TahomaBold10 textstyle, the system created a 'Tahoma' font, in 0 character set.
Action 11:24:24: SetupInitialization. Dialog created
Action ended 11:24:24: SetupInitialization. Return value 1.
MSI © (24:D0) [11:24:24:983]: Doing action: FindRelatedProducts
Action 11:24:24: FindRelatedProducts. Searching for related applications
Action start 11:24:24: FindRelatedProducts.
MSI © (24:D0) [11:24:24:983]: Skipping FindRelatedProducts action: not run in maintenance mode
Action ended 11:24:24: FindRelatedProducts. Return value 0.
MSI © (24:D0) [11:24:24:983]: Skipping action: CCPSearch (condition is false)
MSI © (24:D0) [11:24:24:983]: Skipping action: RMCCPSearch (condition is false)
MSI © (24:D0) [11:24:24:983]: Doing action: ValidateProductID
Action 11:24:24: ValidateProductID. 
Action start 11:24:24: ValidateProductID.
Action ended 11:24:24: ValidateProductID. Return value 1.
MSI © (24:D0) [11:24:24:983]: Doing action: CostInitialize
Action 11:24:24: CostInitialize. Computing space requirements
Action start 11:24:24: CostInitialize.
MSI © (24:D0) [11:24:24:983]: Machine policy value 'MaxPatchCacheSize' is 10
MSI © (24:D0) [11:24:24:983]: Baseline: Sorting baselines for {B829E117-D072-41EA-9606-9826A38D34C1}.
MSI © (24:D0) [11:24:24:983]: Baseline: New baseline 2.6.1 from transaction.
MSI © (24:D0) [11:24:24:983]: Baseline: Sorted order Native: Order 0.
MSI © (24:D0) [11:24:24:983]: Baseline Data Table:
MSI © (24:D0) [11:24:24:983]: ProductCode: {B829E117-D072-41EA-9606-9826A38D34C1} Version: 2.6.1 Attributes: 0 PatchId: Native BaselineId: -2147483648 Order: 0
MSI © (24:D0) [11:24:24:983]: Baseline File Table:
MSI © (24:D0) [11:24:24:999]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'E:\'.
MSI © (24:D0) [11:24:24:999]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
Action ended 11:24:24: CostInitialize. Return value 1.
MSI © (24:D0) [11:24:24:999]: Doing action: FileCost
Action 11:24:24: FileCost. Computing space requirements
Action start 11:24:24: FileCost.
MSI © (24:D0) [11:24:24:999]: Note: 1: 2205 2:  3: MsiAssembly 
MSI © (24:D0) [11:24:24:999]: Note: 1: 2205 2:  3: Class 
MSI © (24:D0) [11:24:24:999]: Note: 1: 2205 2:  3: Extension 
MSI © (24:D0) [11:24:24:999]: Note: 1: 2205 2:  3: TypeLib 
Action ended 11:24:24: FileCost. Return value 1.
MSI © (24:D0) [11:24:24:999]: Doing action: IsolateComponents
Action 11:24:24: IsolateComponents. 
Action start 11:24:24: IsolateComponents.
Action ended 11:24:24: IsolateComponents. Return value 0.
MSI © (24:D0) [11:24:24:999]: Doing action: setUserProfileNT
Action 11:24:24: setUserProfileNT. 
Action start 11:24:24: setUserProfileNT.


#9 ek0552

  • Topic Starter

  • Members
  • 8 posts

Posted 18 November 2017 - 02:45 PM

Ok sorry for the multiple posts, I restarted my computer and tried again successfully. Scanning now... I will report back when it finishes.

#10 ek0552

  • Topic Starter

  • Members
  • 8 posts

Posted 18 November 2017 - 04:00 PM

Scan finished... (ended up running it in Safe Mode)--results came up clean! I am feeling better about this. Anything else you would suggest before I put this to rest? Any other anti-rootkit scans... ?

Also, do you have any advice on anti-virus software? I am using Webroot currently and a trial of Premium Malwarebytes as well, but I am thinking about disabling Malwarebytes live protection (and letting the trial expire) and just relying entirely on Webroot for active protection. Please let me know if you have any other suggestions.

Thanks again for taking a look at my issue and helping me figure it out.



#11 nasdaq

  • Malware Response Team
  • 38,548 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 November 2017 - 09:20 AM



Hi,

"but I am thinking about disabling Malwarebytes live protection (and letting the trial expire)"

Just let the trial period expire.
You can then run the program if and when you have some issue with the computer.
===

Webroot is a respectable antivirus.

==

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



