Infected: Browser Redirects to search bar (no ads)


  • This topic is locked
42 replies to this topic

#1 hesca


Posted 28 November 2017 - 05:47 PM

Hello!

My Win10 64-bit computer is infected by some weird malware that prevents me from using a browser, which is vital for my job. I tried to paste the Addition text to this post but I got a message saying "the post was too long, try to shorten it a little".

This thing pops a new Google Chrome window, and it triggers two ways: sometimes on its own and at random several times per minute, and sometimes via my keyboard inputs, so if I don't type, the redirect rate slows down. It's also blocking some keys like F4 or capital A (which is weird), or even key commands like ALT+F4 or CTRL+W. The redirect is triggered by random keys, not always the same, and it's triggered by typing in the browser or in any other app, like PowerPoint, for instance. I'm afraid my keystrokes are being tracked or recorded.

The new window doesn't show any ads, just the basic Google Search startup screen, and it places the cursor on the empty textbox or address bar. When using Firefox, it doesn't pop up a new window, which is an improvement, but it still resets the tab to a blank page with the cursor on the default search bar. I don't even want to try Internet Explorer, as it is waaaay too slow to even be considered a viable option.

I've tried, to no avail:

  1. Resetting Google Chrome
  2. Signing out of my Google user
  3. Reinstalling Chrome
  4. Spybot: Running a full system scan
  5. Malwarebytes Threat Scan
  6. Uninstalling Chrome and using Firefox. The issue persists, less intensely, but it still causes Firefox to "reset back" to the Google search with an empty box
  7. Round 2 Spybot + Malwarebytes scans
  8. Uninstall Chrome
  9. After all that, I discovered and tried the browser redirect removal guide, but still, no cigar.
  10. Try Firefox again, issue persists, but now it doesn't create new windows, it just resets the current tab back to the default search bar. The issue is intermittent now, and it lets me work for short spans (10-20 minutes), but after a while it starts again and it won't even let me type in other applications different from the web browser because it pops the Firefox window and positions the cursor on the search bar
  11. Installed an app called "Always on Top" that allows for a window to remain in front and at least be able to get some work done.
  12. Started using Internet Explorer, which seems to not be affected by the malware at all.

I've already followed the steps on the Preparation Guide.

It seems this malware has somehow hijacked the search or new tab keyboard shortcut... please help! I really like Chrome and use Google Docs for my job, so I really don't want to have to start using another browser.

Thanks guys!

**********FRST file***************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
Ran by Admin (administrator) on ELITEBOOK8470P (28-11-2017 16:13:09)
Running from C:\+User files\Desktop
Loaded Profiles: Admin & MSSQL$SQLEXPRESS1 & MSSQL$SQLEXPRESS & DefaultAppPool (Available Profiles: Admin & MSSQL$SQLEXPRESS1 & MSSQL$SQLEXPRESS & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.729 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ZKSoftware Inc) C:\Program Files (x86)\FPSensor\bin\iZHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Audinate Pty Ltd) C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.2.889.11556\AdAwareService.exe
() C:\ProgramData\DatacardService\DCService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Audinate Pty Ltd) C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Huawei) C:\Program Files (x86)\HiSuite\HiSuite.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Users\Admin\AppData\Local\Hisuite\userdata\hwtools\hdbtransport.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.2.889.11556\AdAwareTray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\TimeDoctorPro\timedoctorpro.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Guys With Towels) C:\Program Files (x86)\Memento\Memento.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-19] (IDT, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.2.889.11556\AdAwareTray.exe [4743640 2017-11-01] ()
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8849832 2017-11-13] (Emsisoft Ltd)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-16] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [TimeDoctorPro] => C:\Program Files (x86)\TimeDoctorPro\timedoctorpro.exe [6039952 2016-11-22] ()
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {0c51ec89-8861-11e7-9ff7-a41731b37b31} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {43259698-ad8c-11e6-9e48-606720cbf668} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {4edb7c4c-4ac3-11e7-9f83-a41731b37b31} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {5bf3ad5f-c8d2-11e7-a097-a41731b37b31} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {c3b75dfb-9fa6-11e7-a037-a41731b37b31} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {cead74b0-d0e5-11e6-9e89-38eaa7874bd0} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {dd5b4b26-a63d-11e7-a043-a41731b37b31} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {f5de8969-cf7c-11e7-a0a9-a41731b37b31} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-2636429284-1409549652-43199981-1799884323-1242493567\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2014-10-27]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memento.lnk [2013-12-15]
ShortcutTarget: Memento.lnk -> C:\Program Files (x86)\Memento\Memento.exe (Guys With Towels)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013-12-16]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [171480 2016-05-04] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 08 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712 2016-05-04] (Audinate Pty. Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{00e9808f-b5b2-4060-9bde-b0464ad9911a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6c77968f-318b-4dbd-924b-4f680833b784}: [NameServer] 10.1.1.0,10.1.1.100
Tcpip\..\Interfaces\{7d178acf-61fa-4628-b824-5bf112063da1}: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{861c3a59-3c7c-4f0c-82eb-6a49234637be}: [DhcpNameServer] 10.110.138.1
Tcpip\..\Interfaces\{96fe834b-7d4c-4553-8f82-43838fd9558e}: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{ac97da4d-6871-4d0e-92ce-71805e7a5003}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c3f104c2-4945-421b-8ab0-d238481a92e2}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-19] (Microsoft Corporation)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-09-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-11-13] (FreeDownloadManager.ORG)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: une08wlp.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default [2017-11-28]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default\user.js [2017-08-11]
FF Extension: (Ads Removal) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default\Extensions\adremoveext@adremoveext.net [2016-08-20] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-07-02] [Lagacy] [not signed]
FF HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2017-01-25] [Lagacy]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9173552 2017-11-13] (Emsisoft Ltd)
R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.2.889.11556\AdAwareService.exe [587832 2017-11-01] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-08-23] (Broadcom Corporation.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
R2 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [329200 2016-05-04] (Audinate Pty Ltd)
R2 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [428504 2016-05-04] (Audinate Pty. Ltd.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
S3 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [84992 2015-11-23] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [190464 2015-11-23] (Avid Technology, Inc.) [File not signed]
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
R2 dvs.manager; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe [7649280 2016-05-26] (Audinate Pty Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 iZHost; C:\Program Files (x86)\FPSensor\bin\iZHost.exe [283648 2013-07-24] (ZKSoftware Inc) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-12-16] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-30] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS1; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
S4 RoxioBurnLauncher; C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [536848 2012-03-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS1; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ARCVCAM; C:\WINDOWS\system32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
S3 automap; C:\WINDOWS\system32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-08-29] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [879600 2017-08-29] (BitDefender)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2016-08-23] (Broadcom Corporation.)
R1 bdfwfpf; C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\1.0.0.8\bdfwfpf.sys [127312 2016-06-16] (BitDefender LLC)
S3 BTWDPAN; C:\WINDOWS\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-11-28] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 dvs.asio; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\Driver\Win10\dvs_asio.sys [173520 2016-05-26] (Audinate Pty Ltd)
S3 dvs.wdm; C:\WINDOWS\system32\DRIVERS\dvs_wdm.sys [237008 2016-05-26] (Audinate Pty Ltd)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [178384 2017-02-08] (BitDefender LLC)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-08] (REALiX™)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R0 Ignis; C:\WINDOWS\System32\drivers\ignis.sys [304448 2017-08-29] (Bitdefender)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit)
U5 JMCR; C:\Windows\System32\Drivers\JMCR.sys [176880 2013-12-16] (JMicron Technology Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-28] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-28] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
R3 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [112408 2016-09-07] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S4 RsFx0301; C:\WINDOWS\System32\DRIVERS\RsFx0301.sys [249024 2016-05-27] (Microsoft Corporation)
S3 Saffire; C:\WINDOWS\System32\Drivers\Saffire.sys [242384 2015-12-21] (Focusrite A.E.)
S3 SaffireAudio; C:\WINDOWS\system32\drivers\SaffireAudio.sys [48336 2015-12-21] (Focusrite A.E.)
S3 SaffireMidi; C:\WINDOWS\system32\drivers\SaffireMidi.sys [32336 2015-12-21] (Focusrite A.E.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [2530920 2015-12-20] (Sonix Tech. Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 synusb64; C:\WINDOWS\System32\drivers\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [442848 2017-02-08] (BitDefender S.R.L.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 usbaudio2; C:\WINDOWS\System32\drivers\usbaudio2.sys [225792 2017-03-18] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-08-23] (HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-05-14] (Wellbia.com Co., Ltd.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-28] (Zemana Ltd.)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-28 16:12 - 2017-11-28 16:13 - 000000000 ____D C:\FRST
2017-11-28 16:10 - 2017-11-28 16:10 - 000000064 __RSH C:\WINDOWS\system32\Drivers\xboxgip.winsecurity
2017-11-28 15:39 - 2017-11-28 15:39 - 000000064 __RSH C:\WINDOWS\system32\Drivers\xusb22.winsecurity
2017-11-28 15:33 - 2017-11-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-11-28 15:33 - 2017-11-28 15:33 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-11-28 14:23 - 2017-11-28 14:23 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-28 13:17 - 2017-11-28 13:17 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdmin
2017-11-28 13:17 - 2017-11-28 13:17 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job
2017-11-28 13:08 - 2017-11-28 13:08 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-28 13:08 - 2017-11-28 13:08 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-28 13:07 - 2017-11-28 13:07 - 000000000 ____H C:\ProgramData\cm-lock
2017-11-28 13:06 - 2017-11-28 16:13 - 014702766 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-28 13:06 - 2017-11-28 16:13 - 001842839 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-28 12:47 - 2017-11-28 12:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-28 12:47 - 2017-11-28 12:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-11-28 12:47 - 2017-11-28 12:47 - 000001196 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-28 12:47 - 2017-11-28 12:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-11-28 12:47 - 2017-11-28 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-28 12:47 - 2017-11-28 12:47 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-28 12:39 - 2017-11-28 12:44 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-28 12:36 - 2017-11-28 15:37 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-11-28 12:36 - 2017-11-28 12:36 - 000000954 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-11-28 12:36 - 2017-11-28 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-11-28 11:11 - 2017-11-28 11:11 - 000020112 _____ C:\Users\Admin\Documents\Memento.notes
2017-11-28 10:03 - 2017-11-28 10:03 - 000000000 ___HD C:\OneDriveTemp
2017-11-28 09:55 - 2017-11-28 09:55 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-28 09:55 - 2017-11-28 09:55 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-28 09:55 - 2017-11-28 09:55 - 000001925 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-28 09:55 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-28 07:40 - 2017-11-28 08:17 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-28 07:40 - 2017-11-28 07:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-28 07:40 - 2017-11-28 07:40 - 000001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-28 07:40 - 2017-11-28 07:40 - 000001435 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-28 07:40 - 2017-11-28 07:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-28 07:40 - 2017-11-28 07:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-28 07:40 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-11-24 15:13 - 2017-11-27 20:14 - 000000000 ____D C:\Users\Admin\Documents\VSTConnectPerformer
2017-11-24 15:10 - 2017-11-24 15:10 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg VST Connect Performer 64bit
2017-11-23 08:29 - 2017-11-17 03:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-23 08:29 - 2017-11-17 03:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-23 08:29 - 2017-11-17 03:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-23 08:29 - 2017-11-17 03:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-23 08:29 - 2017-11-17 03:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-23 08:29 - 2017-11-17 03:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-23 08:29 - 2017-11-17 03:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-23 08:29 - 2017-11-17 03:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-23 08:29 - 2017-11-17 03:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-23 08:29 - 2017-11-17 03:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-23 08:29 - 2017-11-17 03:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-23 08:29 - 2017-11-17 02:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-23 08:29 - 2017-11-17 02:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-23 08:29 - 2017-11-17 02:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-23 08:29 - 2017-11-17 02:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-23 08:29 - 2017-11-17 02:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-21 07:24 - 2017-11-21 07:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2017-11-21 07:22 - 2017-11-21 07:22 - 000000000 ____D C:\Program Files\Common Files\adaware
2017-11-20 13:00 - 2017-11-20 13:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 9.5
2017-11-20 13:00 - 2017-10-10 01:09 - 005438976 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll
2017-11-20 13:00 - 2017-10-10 01:09 - 000086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2017-11-15 13:09 - 2017-11-15 13:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 21:12 - 2017-11-04 19:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-14 21:12 - 2017-11-04 19:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 21:11 - 2017-11-01 23:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 21:11 - 2017-11-01 23:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 21:11 - 2017-11-01 23:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 21:11 - 2017-11-01 23:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 21:11 - 2017-11-01 23:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 21:11 - 2017-11-01 23:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 21:11 - 2017-11-01 23:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 21:11 - 2017-11-01 23:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 21:11 - 2017-11-01 23:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 21:11 - 2017-11-01 23:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 21:11 - 2017-11-01 23:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 21:11 - 2017-11-01 22:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 21:11 - 2017-11-01 22:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 21:11 - 2017-11-01 22:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 21:11 - 2017-11-01 22:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 21:11 - 2017-11-01 22:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 21:11 - 2017-11-01 22:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 21:11 - 2017-11-01 22:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 21:11 - 2017-11-01 22:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 21:11 - 2017-11-01 22:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 21:11 - 2017-11-01 22:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 21:11 - 2017-11-01 22:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 21:11 - 2017-11-01 22:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 21:11 - 2017-11-01 22:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 21:11 - 2017-11-01 22:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 21:11 - 2017-11-01 22:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 21:11 - 2017-11-01 22:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 21:11 - 2017-11-01 22:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 21:11 - 2017-11-01 22:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 21:11 - 2017-11-01 22:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 21:11 - 2017-10-25 01:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 21:11 - 2017-10-15 09:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 21:11 - 2017-10-15 09:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 21:11 - 2017-10-15 09:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 21:11 - 2017-10-15 08:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 21:11 - 2017-10-15 08:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 21:11 - 2017-10-15 08:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 21:11 - 2017-10-15 08:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 21:11 - 2017-10-15 08:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 21:11 - 2017-10-15 08:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 21:11 - 2017-10-15 08:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 21:11 - 2017-10-15 08:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 21:11 - 2017-10-15 08:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 21:11 - 2017-10-15 08:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 21:11 - 2017-10-15 08:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 21:11 - 2017-10-15 08:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 21:11 - 2017-10-15 08:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 21:11 - 2017-10-15 08:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 21:11 - 2017-10-15 08:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 21:11 - 2017-10-15 08:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 21:11 - 2017-10-15 08:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 21:10 - 2017-11-01 23:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 21:10 - 2017-11-01 23:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 21:10 - 2017-11-01 23:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 21:10 - 2017-11-01 23:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 21:10 - 2017-11-01 23:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 21:10 - 2017-11-01 23:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 21:10 - 2017-11-01 23:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 21:10 - 2017-11-01 23:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 21:10 - 2017-11-01 23:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 21:10 - 2017-11-01 23:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 21:10 - 2017-11-01 22:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 21:10 - 2017-11-01 22:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 21:10 - 2017-11-01 22:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 21:10 - 2017-11-01 22:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 21:10 - 2017-11-01 22:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 21:10 - 2017-11-01 22:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 21:10 - 2017-11-01 22:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 21:10 - 2017-11-01 22:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 21:10 - 2017-11-01 22:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 21:10 - 2017-11-01 22:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 21:10 - 2017-11-01 22:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 21:10 - 2017-11-01 22:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 21:10 - 2017-11-01 22:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 21:10 - 2017-11-01 22:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 21:10 - 2017-11-01 22:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 21:10 - 2017-11-01 22:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 21:10 - 2017-11-01 22:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 21:10 - 2017-11-01 22:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 21:10 - 2017-10-15 08:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 21:10 - 2017-10-15 08:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 21:10 - 2017-10-15 08:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 21:10 - 2017-10-15 08:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 21:10 - 2017-10-15 08:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 21:10 - 2017-10-15 08:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 21:10 - 2017-10-15 08:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 21:10 - 2017-10-15 08:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 21:10 - 2017-10-15 08:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 21:10 - 2017-10-15 08:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 21:10 - 2017-10-15 08:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 21:10 - 2017-10-15 08:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 21:10 - 2017-10-15 08:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 21:10 - 2017-10-15 08:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 21:10 - 2017-10-15 08:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 21:10 - 2017-10-15 08:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-14 11:47 - 2017-11-14 11:47 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2017-11-14 08:59 - 2017-11-14 08:59 - 000000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2017-11-14 08:59 - 2017-11-14 08:59 - 000000000 ____D C:\Users\Public\Documents\Kontakt Factory Selection Library
2017-11-14 08:43 - 2017-11-14 08:43 - 000000000 ____D C:\Program Files (x86)\Native Instruments
2017-11-14 08:43 - 2016-09-07 07:26 - 000112408 _____ C:\WINDOWS\system32\Drivers\NIWinCDEmu.sys
2017-11-13 20:01 - 2017-11-13 20:01 - 000000000 __HDC C:\ProgramData\{BA9B21B7-B87A-400D-9B05-4394F527AFF2}
2017-11-11 06:23 - 2017-11-11 06:23 - 000000000 ____D C:\WINDOWS\Panther
2017-11-10 09:10 - 2017-11-10 09:10 - 000002275 _____ C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2017-11-04 14:58 - 2017-11-04 14:58 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2968790452-4219215743-1767289616-1000
2017-11-04 14:58 - 2017-11-04 14:58 - 000002415 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 09:32 - 2017-11-20 09:06 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-10-29 06:25 - 2017-10-29 06:25 - 000002553 _____ C:\Users\Public\Desktop\Evernote.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-28 16:13 - 2017-03-15 12:54 - 000000000 ____D C:\Users\Admin\AppData\Local\TimeDoctorPro
2017-11-28 16:08 - 2013-12-15 00:48 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-28 15:24 - 2017-06-02 12:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-28 14:57 - 2017-10-17 06:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-28 13:43 - 2013-12-16 06:55 - 000000000 ___RD C:\Users\Admin\Dropbox
2017-11-28 13:14 - 2017-06-02 12:33 - 005004034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-28 13:09 - 2015-08-15 17:43 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-11-28 13:09 - 2014-05-16 13:16 - 000000000 ____D C:\ProgramData\ProductData
2017-11-28 13:09 - 2014-05-16 13:14 - 000000000 ____D C:\ProgramData\IObit
2017-11-28 13:07 - 2017-06-02 12:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-28 13:07 - 2016-06-02 10:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-28 13:06 - 2017-06-02 12:34 - 000000000 ____D C:\Users\Admin
2017-11-28 13:06 - 2017-03-18 05:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-28 13:06 - 2014-06-19 10:15 - 000000000 ____D C:\AdwCleaner
2017-11-28 13:05 - 2014-05-16 13:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\IObit
2017-11-28 13:05 - 2014-05-16 13:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2017-11-28 12:08 - 2015-08-15 17:41 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-11-28 11:11 - 2016-02-08 21:25 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-11-28 11:09 - 2013-12-15 07:17 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2017-11-28 11:09 - 2013-12-15 07:17 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-28 10:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-28 09:06 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-27 20:37 - 2013-12-15 19:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Steinberg
2017-11-27 18:27 - 2017-06-02 12:48 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FE55E7D-14EB-4F8E-96C0-8DDCBE5C1581}
2017-11-27 18:18 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-24 17:01 - 2015-10-23 21:41 - 000000000 ____D C:\temp
2017-11-24 15:31 - 2017-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-24 15:10 - 2013-12-15 19:52 - 000000000 ____D C:\Program Files\Steinberg
2017-11-24 15:09 - 2014-09-02 18:40 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Celemony Software GmbH
2017-11-24 12:48 - 2013-12-15 23:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-11-24 07:18 - 2016-02-04 10:26 - 000000000 ____D C:\Users\Admin\Documents\Camtasia Studio
2017-11-23 20:21 - 2017-06-02 12:32 - 004197000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-23 08:31 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-23 08:30 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-21 07:23 - 2013-12-15 07:32 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 13:02 - 2017-09-22 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Library Manager
2017-11-20 13:01 - 2017-01-26 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg
2017-11-20 13:00 - 2017-09-22 09:52 - 000001243 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2017-11-20 13:00 - 2016-11-17 11:55 - 000000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2017-11-20 13:00 - 2016-11-17 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2017-11-20 13:00 - 2013-12-15 19:52 - 000000000 ____D C:\Program Files (x86)\eLicenser
2017-11-20 12:39 - 2013-12-16 06:35 - 000000000 ____D C:\Program Files (x86)\steinberg
2017-11-19 07:34 - 2017-03-18 15:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-19 07:33 - 2013-12-15 14:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-18 19:58 - 2013-12-16 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-18 19:49 - 2017-10-11 08:24 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-18 19:49 - 2013-12-16 21:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 06:49 - 2014-01-12 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-11-15 17:58 - 2014-10-16 17:06 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-11-15 13:09 - 2013-12-16 06:54 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2017-11-15 12:42 - 2017-06-02 12:48 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 12:42 - 2017-06-02 12:48 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 07:27 - 2017-03-05 22:25 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-14 21:43 - 2016-04-13 08:58 - 000000000 ____D C:\ProgramData\Spectrasonics
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 08:59 - 2013-12-15 20:01 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2017-11-13 19:59 - 2013-12-15 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-11-13 19:58 - 2015-08-15 17:23 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-12 03:00 - 2016-01-27 17:50 - 000000000 ____D C:\ProgramData\TEMP
2017-11-11 07:44 - 2013-12-16 13:45 - 000000000 ____D C:\Users\Admin\Documents\Native Instruments
2017-11-11 07:36 - 2017-06-30 06:09 - 000000000 ____D C:\Program Files (x86)\Clickteam Fusion 2.5 Free Edition
2017-11-11 06:37 - 2014-04-11 15:23 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2017-11-10 06:54 - 2017-09-02 07:41 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-10 06:54 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-08 06:29 - 2015-03-12 15:22 - 000000000 ____D C:\+User files
2017-11-05 21:38 - 2015-08-12 12:01 - 000000000 ____D C:\FFOutput
2017-11-05 14:07 - 2017-06-02 12:48 - 000003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-04 06:02 - 2017-02-23 19:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-11-01 21:15 - 2017-06-02 12:34 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS1
2017-11-01 21:15 - 2017-06-02 12:34 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-10-29 06:25 - 2017-10-23 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
 
==================== Files in the root of some directories =======
 
2014-01-08 09:00 - 2014-01-08 09:00 - 002387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2014-01-08 09:00 - 2014-01-08 09:00 - 001732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2017-11-10 09:10 - 2017-11-10 09:10 - 000002275 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2014-06-19 10:08 - 2014-06-19 10:08 - 000000024 _____ () C:\Users\Admin\AppData\Roaming\temp.ini
2015-01-20 17:13 - 2017-05-21 06:42 - 000006144 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 15:33 - 2014-11-03 08:50 - 000007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-11-15 15:01 - 2017-11-15 15:02 - 058818504 _____ (Skype Technologies S.A.) C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-28 09:05
 
==================== End of FRST.txt ============================

Attached Files


Edited by hesca, 29 November 2017 - 10:08 AM.



#2 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,759 posts

Posted 01 December 2017 - 12:39 PM

Hi hesca,

 

My name is polskamachina and I would like to :welcome: you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#3 hesca

hesca
  • Topic Starter

  • Members
  • 32 posts

Posted 01 December 2017 - 02:13 PM

Hello Polskamachina!

Thank you for your time. 

 

I read and understood everything on your message. I just have a few comments:

  1. I'm in GMT-6 so we should be able to communicate well.
  2. I had to attach the Addition log because the forum wouldn't let me paste it as text, saying “the mssg is too large”.
  3. I will describe the status of my system below this list. But please first read my original post, which includes all the steps I already took.
  4. I have already stored a backup, but this computer is the one I use at work and it holds a ton of software, so if it becomes necessary to format the hard drive, I would need a couple of days to prepare because I have pending deliverables that depend on this software and its installation takes several hours.

My current situation (after everything I specified in the original post)

 

I figured out that the keyboard hijacking may not be related to the virus, but to a malfunctioning keyboard. However, there still may be some relation between the redirects and the keyboard input, because Chrome popped up in apparent accordance with my typing, and when I stopped typing, the popping rate slowed down.

 

Having uninstalled Chrome, I started using Firefox, but the issue was kind of the same. With Chrome, every fraction of a second the redirects caused a new window to pop up with the default search bar. Then, after a few minutes the issue stops, and then after a few minutes it begins again. On the other hand, the malware causes Firefox to just “reset” the tab back to the search screen. Not suicide inducing, but still annoying and frustrating.

 

Finally, I moved over to Microsoft Edge, and the problems are almost unnoticeable. The browsing experience is glitchy, but maybe that's just Edge's low quality. I'm not familiar with it. With Edge, the browser redirecting doesn't happen anymore. However, once every few minutes, my keyboard inputs are blocked, and the textboxes get stuck, particularly in a chat website that I use for work, called Facebook Workplace.

 

So, given the fact that the issue was mostly gone, I reinstalled Chrome. Sadly, the redirecting and new-window popping-up started again. Thus, I uninstalled Chrome again. 

 

And that brings us to this morning, when I received your reply on the forum.   

 

I'm puzzled by this thing. There are no ads, and there is no apparent malicious interruption of the computer's processes. Everything runs fine, nothing is slowed down. It feels almost prankish. What do you think? Have you seen anything like it?

 

Thanks again.



#4 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,759 posts

Posted 01 December 2017 - 03:58 PM

Hi hesca,

 

I am currently working on a fix for your system. :busy: Since I am still a student, my fixes have to be approved by one of the staff before I can pass it along to you.

 

Generally speaking, new ways are found every day to disrupt people's workflow with their computers. Usually the disrupter's motivation is monetary (directing you to view ads or locking down your system with ransomware). While your symptoms do seem out of the ordinary, I am confident we will be able to track down the problems. I should be back within the next 24-48 hours with some specific instructions for you. Thank you for your patience!

 

polskamachina



#5 hesca

hesca
  • Topic Starter

  • Members
  • 32 posts

Posted 01 December 2017 - 05:26 PM

Thanks a lot! 

 

I will be waiting.

 

 

Happy... coding, or typing or whatever your emoji is doing there! :D



#6 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,759 posts

Posted 03 December 2017 - 12:15 PM

Hi hesca :)

It sounds like your computer has become a big headache for you. Let's get started with the fixing.

Your logs show there is evidence of pirated products installed in your system. These pirated programs are a good source of malware infection as you do not know what was included when the original product was patched/pirated. Ethics aside, it may be illegal depending on the cyber law of your country. We at Bleeping Computer would like to give the user who seeks assistance the benefit of the doubt and would give you a chance to remove the cracked software and the associated files. If you decide to remove the cracked software, please follow the steps below and attach the log into your next reply to me. If you decide to keep the cracked software the topic will be closed.

After removing the cracked software:

  • Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
  • Important - Save it to your Desktop
  • Right Click CKScanner.exe and select, Run as administrator
  • Give permission if necessary, and click Search For Files
  • After a very short time, when the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved. Please run the program only once
  • Double-click the CKFiles.txt icon on your desktop
  • Copy and paste the contents of the logfile into your next reply to me

Next:

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise, especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on-demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste of vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update its definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.
 
There is one exception to the use only one anti-virus product rule and that is the Malwarebytes version 3.x product. It may coexist with another anti-virus product.
 
In summary you may use two antivirus products IF one of them is Malwarebytes. In either case, you will still need to remove at least one AV product since at the present time you have three of them enabled.
 
Your choices are:

  • Multiple AV products
    • MBAM AND either Emsisoft OR Adaware
  • Single AV product
    • MBAM
    • Emsisoft
    • Adaware

Next:

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions VERY carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs below, I want you to remove at least one anti-virus program according to the rule I described previously. Therefore, select the anti-virus program(s) you would like to keep and uninstall the remaining program(s).
    • AV: adaware antivirus
    • AV: Emsisoft Anti-Malware
    • AV: Malwarebytes
  • Double click on the program you've selected to remove and let the uninstall process begin.
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • Note this important step: Before Revo removes the remnants of the program, the original program's uninstaller will run and will prompt you that the process is complete. Then it may ask you to restart your computer. DO NOT RESTART YOUR COMPUTER AT THIS TIME. Click cancel on the restart option and continue with the uninstallation process.
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Repeat the above steps to remove a second AV program if you have decided to keep only one of them.

Next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click AdwCleaner and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Next:

  • Right-click FRST64 and run it as administrator
  • If the program needs to update, let it update
  • Click the Scan button
  • When the scan has completed, FRST.txt and Addition.txt will appear in Notepad
  • Please copy and paste those two logs into your next reply to me

In summary I will need from you,

  • CKFiles log
  • AdwCleaner log
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina



#7 hesca

hesca
  • Topic Starter

  • Members
  • 32 posts

Posted 04 December 2017 - 04:41 PM

Hello polskamachina. 

 

I received the message. Let me try all this stuff and I will get back to you as soon as I can get it done. I had a guy "get it ready" for work, and apparently some of the stuff in here must be uninstalled. 



#8 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,759 posts

Posted 04 December 2017 - 06:40 PM

Hi hesca :)

 

Thanks for the update and let me know if you have any questions.

 

polskamachina



#9 hesca

hesca
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 04 December 2017 - 06:46 PM

Hi! Here is the CKfile:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\+user files\desktop\rockschool\projects\371 - studio sound mixing\the butterfly effect - preach right here\images\14.6. clic y crackle - vinil.peak
c:\+user files\desktop\rockschool\projects\371 - studio sound mixing\the butterfly effect - preach right here\images\asmr vinyl crackling sound 30 minutes.peak
c:\+user files\wwise projects\wwise lessons\+limbo\resources\audio\limbo\.cache\windows\sfx\foodeggshellcrack_edtpmc_68d04c20.wem
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files\steinberg\wavelab 9\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files\steinberg\wavelab pro 9.5\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files (x86)\steam\steamapps\common\axiom verge\content\art\tilesets\crackedtiles.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\stonecrack.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\tankcrack1.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\wallcrack1.xnb
c:\program files (x86)\waves\plug-ins v9\x-crackle.bundle\contents\win32\x-crackle.dll
c:\program files (x86)\waves\plug-ins v9\x-crackle.bundle\contents\win64\x-crackle.dll
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\snare\emphasize crack.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
c:\users\admin\dropbox\vonkelemen\19 curriculista\referencias-libros-link\hack_x_crack_hacking_buscadores.pdf
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11.NNAPI0
 ----- EOF -----
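
The CKFiles.txt log above mixes two kinds of entries: file paths that contain the string "crack", and `hosts` lines that point vendor hostnames at 127.0.0.1. The following triage script is an added example, not part of the thread and not CKScanner's own logic; the keyword `crack`, the executable-extension list and the two-label parent-domain grouping are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# A subset of lines copied from the CKFiles.txt log posted above.
SAMPLE_LOG = r"""CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files\steinberg\wavelab 9\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\stonecrack.xnb
c:\program files (x86)\waves\plug-ins v9\x-crackle.bundle\contents\win64\x-crackle.dll
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11.NNAPI0
 ----- EOF -----
"""

KEYWORD = "crack"  # assumption: every file hit in the log contains this string
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".msi", ".scr"}
HOSTS_RE = re.compile(r"^hosts\s+(\S+)\s+(\S+)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_ckscanner(text):
    """Split a CKScanner log into file hits, hosts entries and unparsed lines."""
    file_hits, hosts, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the banner, the trailer and the EOF marker.
        if not line or line.startswith(("CKScanner", "scanner sequence", "-----")):
            continue
        match = HOSTS_RE.match(line)
        if match:
            hosts.append((match.group(1), match.group(2).lower()))
        elif PATH_RE.match(line):
            file_hits.append(line)
        else:
            unparsed.append(line)  # keep anything unexpected visible
    return file_hits, hosts, unparsed


def classify_file_hit(path, keyword=KEYWORD):
    """Separate substring matches (crackle, firecracker) from whole-word hits."""
    words = re.split(r"[^a-z0-9]+", path.lower())
    whole_word = keyword in words
    executable = PureWindowsPath(path).suffix.lower() in EXECUTABLE_EXTS
    if whole_word and executable:
        return "review"                # whole word on something that can run
    if whole_word:
        return "keyword-in-data-file"  # preset, sample, document
    return "substring-only"            # keyword is part of a longer word


def sinkholed_hosts(hosts):
    """Group hostnames mapped to a loopback or unspecified address by parent domain."""
    by_domain = defaultdict(set)
    for ip, name in hosts:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        if name in ("localhost", "localhost.localdomain"):
            continue  # the stock hosts entries are expected
        # Naive parent domain: last two labels (wrong for suffixes like co.uk).
        parent = ".".join(name.split(".")[-2:])
        by_domain[parent].add(name)  # the set drops repeated lines
    return {domain: sorted(names) for domain, names in by_domain.items()}


def triage(text):
    file_hits, hosts, unparsed = parse_ckscanner(text)
    files = defaultdict(list)
    for path in file_hits:
        files[classify_file_hit(path)].append(path)
    return {"files": dict(files), "sinkholed": sinkholed_hosts(hosts),
            "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for verdict, paths in report["files"].items():
        print(f"{verdict}: {len(paths)} file(s)")
    for domain, names in report["sinkholed"].items():
        print(f"{domain}: {len(names)} hostname(s) redirected to loopback")
        for name in names:
            print(f"  {name}")
```

Loopback entries in a hosts file also come from ordinary ad-blocking lists, so the grouping by parent domain is there to show which vendor's hostnames are affected, not to deliver a verdict.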
 



#10 hesca

hesca
  • Topic Starter

  • Members
  • 32 posts

Posted 04 December 2017 - 06:52 PM

Hi! Here is the CKfile:

 

I used Revo to remove the non-licensed software. Hope everything is in order now.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\+user files\desktop\rockschool\projects\371 - studio sound mixing\the butterfly effect - preach right here\images\14.6. clic y crackle - vinil.peak
c:\+user files\desktop\rockschool\projects\371 - studio sound mixing\the butterfly effect - preach right here\images\asmr vinyl crackling sound 30 minutes.peak
c:\+user files\wwise projects\wwise lessons\+limbo\resources\audio\limbo\.cache\windows\sfx\foodeggshellcrack_edtpmc_68d04c20.wem
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files\steinberg\wavelab 9\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files\steinberg\wavelab pro 9.5\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files (x86)\steam\steamapps\common\axiom verge\content\art\tilesets\crackedtiles.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\stonecrack.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\tankcrack1.xnb
c:\program files (x86)\steam\steamapps\common\axiom verge\content\audio\soundeffects\wallcrack1.xnb
c:\program files (x86)\waves\plug-ins v9\x-crackle.bundle\contents\win32\x-crackle.dll
c:\program files (x86)\waves\plug-ins v9\x-crackle.bundle\contents\win64\x-crackle.dll
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\snare\emphasize crack.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
c:\users\admin\documents\pro tools\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
c:\users\admin\dropbox\vonkelemen\19 curriculista\referencias-libros-link\hack_x_crack_hacking_buscadores.pdf
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11.NNAPI0
 ----- EOF -----
 


 



#11 hesca


Posted 04 December 2017 - 07:39 PM

ADW Cleaner Log

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 05 00:28:12 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader

***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
Plugin deleted: Ads Removal - androidapps

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [4724 B] - [2017/11/28 19:6:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [4070 B] - [2014/6/19 16:15:53]
C:/AdwCleaner/AdwCleaner[S1].txt - [5336 B] - [2017/11/28 19:4:48]
C:/AdwCleaner/AdwCleaner[S2].txt - [1428 B] - [2017/12/5 0:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


#12 hesca


Posted 04 December 2017 - 07:50 PM

Hi hesca :)

 

Thanks for the update and let me know if you have any questions.

 

polskamachina

Hi polskamachina, sorry for the multiple posts. I got an error and after trying again I noticed the repetitions. 

 

I have a question. Can I reinstall Google Chrome now? It's the one thing I would need to test if the fixes worked.



#13 hesca


Posted 04 December 2017 - 07:55 PM

FRST file

**************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Admin (administrator) on ELITEBOOK8470P (04-12-2017 18:44:21)
Running from C:\+User files\Desktop\Downloads
Loaded Profiles: Admin & MSSQL$SQLEXPRESS1 & MSSQL$SQLEXPRESS (Available Profiles: Admin & MSSQL$SQLEXPRESS1 & MSSQL$SQLEXPRESS & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.729 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ZKSoftware Inc) C:\Program Files (x86)\FPSensor\bin\iZHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
() C:\ProgramData\DatacardService\DCService.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Audinate Pty Ltd) C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Audinate Pty Ltd) C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\TimeDoctorPro\timedoctorpro.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Guys With Towels) C:\Program Files (x86)\Memento\Memento.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\+User files\Desktop\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-19] (IDT, Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8850344 2017-11-30] (Emsisoft Ltd)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-16] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [TimeDoctorPro] => C:\Program Files (x86)\TimeDoctorPro\timedoctorpro.exe [6039952 2016-11-22] ()
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {0c51ec89-8861-11e7-9ff7-a41731b37b31} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {43259698-ad8c-11e6-9e48-606720cbf668} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {4edb7c4c-4ac3-11e7-9f83-a41731b37b31} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {5bf3ad5f-c8d2-11e7-a097-a41731b37b31} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {c3b75dfb-9fa6-11e7-a037-a41731b37b31} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {cead74b0-d0e5-11e6-9e89-38eaa7874bd0} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {dd5b4b26-a63d-11e7-a043-a41731b37b31} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\MountPoints2: {f5de8969-cf7c-11e7-a0a9-a41731b37b31} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-2636429284-1409549652-43199981-1799884323-1242493567\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2014-10-27]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memento.lnk [2013-12-15]
ShortcutTarget: Memento.lnk -> C:\Program Files (x86)\Memento\Memento.exe (Guys With Towels)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013-12-16]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [171480 2016-05-04] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 08 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712 2016-05-04] (Audinate Pty. Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{00e9808f-b5b2-4060-9bde-b0464ad9911a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6c77968f-318b-4dbd-924b-4f680833b784}: [NameServer] 10.1.1.0,10.1.1.100
Tcpip\..\Interfaces\{7d178acf-61fa-4628-b824-5bf112063da1}: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{861c3a59-3c7c-4f0c-82eb-6a49234637be}: [DhcpNameServer] 10.110.138.1
Tcpip\..\Interfaces\{96fe834b-7d4c-4553-8f82-43838fd9558e}: [DhcpNameServer] 186.177.66.6 186.176.224.6
Tcpip\..\Interfaces\{ac97da4d-6871-4d0e-92ce-71805e7a5003}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c3f104c2-4945-421b-8ab0-d238481a92e2}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-19] (Microsoft Corporation)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-09-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-11-13] (FreeDownloadManager.ORG)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: une08wlp.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default [2017-12-01]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default\user.js [2017-08-11]
FF Extension: (Ads Removal) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\une08wlp.default\Extensions\adremoveext@adremoveext.net [2016-08-20] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-07-02] [Lagacy] [not signed]
FF HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2017-01-25] [Lagacy]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-12-04]
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-29]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-29]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-29]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-29]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-29]
CHR Extension: (Skype) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-29]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9216648 2017-11-30] (Emsisoft Ltd)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2305816 2016-08-23] (Broadcom Corporation.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R2 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [329200 2016-05-04] (Audinate Pty Ltd)
R2 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [428504 2016-05-04] (Audinate Pty. Ltd.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
R2 dvs.manager; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe [7649280 2016-05-26] (Audinate Pty Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 iZHost; C:\Program Files (x86)\FPSensor\bin\iZHost.exe [283648 2013-07-24] (ZKSoftware Inc) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-12-16] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-30] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS1; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
S4 RoxioBurnLauncher; C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [536848 2012-03-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS1; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS1\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ARCVCAM; C:\WINDOWS\system32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
S3 automap; C:\WINDOWS\system32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2016-08-23] (Broadcom Corporation.)
S3 BTWDPAN; C:\WINDOWS\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-11-28] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 dvs.asio; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\Driver\Win10\dvs_asio.sys [173520 2016-05-26] (Audinate Pty Ltd)
S3 dvs.wdm; C:\WINDOWS\system32\DRIVERS\dvs_wdm.sys [237008 2016-05-26] (Audinate Pty Ltd)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-08] (REALiX™)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit)
U5 JMCR; C:\Windows\System32\Drivers\JMCR.sys [176880 2013-12-16] (JMicron Technology Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-28] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-04] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
R3 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [112408 2016-09-07] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S4 RsFx0301; C:\WINDOWS\System32\DRIVERS\RsFx0301.sys [249024 2016-05-27] (Microsoft Corporation)
S3 Saffire; C:\WINDOWS\System32\Drivers\Saffire.sys [242384 2015-12-21] (Focusrite A.E.)
S3 SaffireAudio; C:\WINDOWS\system32\drivers\SaffireAudio.sys [48336 2015-12-21] (Focusrite A.E.)
S3 SaffireMidi; C:\WINDOWS\system32\drivers\SaffireMidi.sys [32336 2015-12-21] (Focusrite A.E.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [2530920 2015-12-20] (Sonix Tech. Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 synusb64; C:\WINDOWS\System32\drivers\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 usbaudio2; C:\WINDOWS\System32\drivers\usbaudio2.sys [225792 2017-03-18] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-08-23] (HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-05-14] (Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-28] (Zemana Ltd.)
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 18:31 - 2017-12-04 18:31 - 000000064 __RSH C:\WINDOWS\system32\Drivers\xusb22.winsecurity
2017-12-04 18:31 - 2017-12-04 18:31 - 000000064 __RSH C:\WINDOWS\system32\Drivers\xboxgip.winsecurity
2017-12-04 18:30 - 2017-12-04 18:44 - 000044402 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-04 18:30 - 2017-12-04 18:30 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-04 18:30 - 2017-12-04 18:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-04 18:30 - 2017-12-04 18:30 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-04 18:30 - 2017-12-04 18:30 - 000000000 ____H C:\ProgramData\cm-lock
2017-12-04 17:52 - 2017-12-04 17:52 - 000023733 _____ C:\Users\Admin\Documents\Memento.notes
2017-12-04 17:25 - 2016-09-26 11:03 - 002189824 _____ (Propellerhead Software AB) C:\WINDOWS\system32\ReWire.dll
2017-12-04 17:07 - 2017-12-04 17:07 - 000000000 ____D C:\Users\Admin\AppData\Local\VS Revo Group
2017-12-04 17:07 - 2017-12-04 17:07 - 000000000 ____D C:\ProgramData\VS Revo Group
2017-12-04 17:07 - 2017-12-04 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-12-04 17:07 - 2017-12-04 17:07 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-04 17:07 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-12-04 15:50 - 2017-12-04 15:50 - 000002315 _____ C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2017-12-04 15:29 - 2017-12-04 18:05 - 012197561 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-04 14:37 - 2017-12-04 14:37 - 000001192 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2017-12-04 13:30 - 2017-12-04 15:29 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job
2017-12-04 13:30 - 2017-12-04 13:30 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdmin
2017-12-04 11:01 - 2017-12-04 11:01 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Cuphead
2017-12-02 06:28 - 2017-12-02 06:28 - 000000000 ___HD C:\OneDriveTemp
2017-11-28 16:12 - 2017-12-04 18:44 - 000000000 ____D C:\FRST
2017-11-28 15:33 - 2017-11-28 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-11-28 15:33 - 2017-11-28 15:33 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-11-28 14:57 - 2017-12-01 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-28 12:47 - 2017-12-04 18:30 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-28 12:47 - 2017-11-28 12:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-28 12:47 - 2017-11-28 12:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-11-28 12:39 - 2017-11-28 12:44 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-28 12:36 - 2017-12-04 18:38 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-11-28 12:36 - 2017-11-28 12:36 - 000000954 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-11-28 12:36 - 2017-11-28 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-11-28 09:55 - 2017-11-28 09:55 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-28 09:55 - 2017-11-28 09:55 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-28 09:55 - 2017-11-28 09:55 - 000001925 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-28 09:55 - 2017-11-28 09:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-28 09:55 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-28 07:40 - 2017-11-28 08:17 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-28 07:40 - 2017-11-28 07:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-28 07:40 - 2017-11-28 07:40 - 000001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-28 07:40 - 2017-11-28 07:40 - 000001435 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-28 07:40 - 2017-11-28 07:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-28 07:40 - 2017-11-28 07:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-28 07:40 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-11-24 15:13 - 2017-11-27 20:14 - 000000000 ____D C:\Users\Admin\Documents\VSTConnectPerformer
2017-11-24 15:10 - 2017-11-24 15:10 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg VST Connect Performer 64bit
2017-11-23 08:29 - 2017-11-17 03:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-23 08:29 - 2017-11-17 03:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-23 08:29 - 2017-11-17 03:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-23 08:29 - 2017-11-17 03:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-23 08:29 - 2017-11-17 03:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-23 08:29 - 2017-11-17 03:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-23 08:29 - 2017-11-17 03:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-23 08:29 - 2017-11-17 03:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-23 08:29 - 2017-11-17 03:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-23 08:29 - 2017-11-17 03:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-23 08:29 - 2017-11-17 03:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-23 08:29 - 2017-11-17 03:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-23 08:29 - 2017-11-17 03:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-23 08:29 - 2017-11-17 02:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-23 08:29 - 2017-11-17 02:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-23 08:29 - 2017-11-17 02:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-23 08:29 - 2017-11-17 02:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-23 08:29 - 2017-11-17 02:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-20 13:00 - 2017-11-20 13:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 9.5
2017-11-20 13:00 - 2017-10-10 01:09 - 005438976 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll
2017-11-20 13:00 - 2017-10-10 01:09 - 000086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2017-11-15 13:09 - 2017-11-15 13:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 21:12 - 2017-11-04 19:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-14 21:12 - 2017-11-04 19:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 21:11 - 2017-11-01 23:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 21:11 - 2017-11-01 23:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 21:11 - 2017-11-01 23:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 21:11 - 2017-11-01 23:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 21:11 - 2017-11-01 23:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 21:11 - 2017-11-01 23:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 21:11 - 2017-11-01 23:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 21:11 - 2017-11-01 23:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 21:11 - 2017-11-01 23:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 21:11 - 2017-11-01 23:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 21:11 - 2017-11-01 23:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 21:11 - 2017-11-01 23:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 21:11 - 2017-11-01 22:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 21:11 - 2017-11-01 22:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 21:11 - 2017-11-01 22:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 21:11 - 2017-11-01 22:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 21:11 - 2017-11-01 22:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 21:11 - 2017-11-01 22:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 21:11 - 2017-11-01 22:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 21:11 - 2017-11-01 22:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 21:11 - 2017-11-01 22:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 21:11 - 2017-11-01 22:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 21:11 - 2017-11-01 22:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 21:11 - 2017-11-01 22:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 21:11 - 2017-11-01 22:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 21:11 - 2017-11-01 22:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 21:11 - 2017-11-01 22:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 21:11 - 2017-11-01 22:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 21:11 - 2017-11-01 22:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 21:11 - 2017-11-01 22:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 21:11 - 2017-11-01 22:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 21:11 - 2017-11-01 22:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 21:11 - 2017-11-01 22:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 21:11 - 2017-11-01 22:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 21:11 - 2017-11-01 22:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 21:11 - 2017-11-01 22:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 21:11 - 2017-11-01 22:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 21:11 - 2017-11-01 22:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 21:11 - 2017-11-01 22:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 21:11 - 2017-11-01 22:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 21:11 - 2017-11-01 22:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 21:11 - 2017-11-01 22:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 21:11 - 2017-10-25 01:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 21:11 - 2017-10-15 09:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 21:11 - 2017-10-15 09:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 21:11 - 2017-10-15 09:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 21:11 - 2017-10-15 08:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 21:11 - 2017-10-15 08:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 21:11 - 2017-10-15 08:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 21:11 - 2017-10-15 08:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 21:11 - 2017-10-15 08:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 21:11 - 2017-10-15 08:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 21:11 - 2017-10-15 08:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 21:11 - 2017-10-15 08:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 21:11 - 2017-10-15 08:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 21:11 - 2017-10-15 08:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 21:11 - 2017-10-15 08:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 21:11 - 2017-10-15 08:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 21:11 - 2017-10-15 08:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 21:11 - 2017-10-15 08:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 21:11 - 2017-10-15 08:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 21:11 - 2017-10-15 08:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 21:11 - 2017-10-15 08:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 21:10 - 2017-11-01 23:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 21:10 - 2017-11-01 23:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 21:10 - 2017-11-01 23:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 21:10 - 2017-11-01 23:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 21:10 - 2017-11-01 23:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 21:10 - 2017-11-01 23:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 21:10 - 2017-11-01 23:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 21:10 - 2017-11-01 23:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 21:10 - 2017-11-01 23:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 21:10 - 2017-11-01 23:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 21:10 - 2017-11-01 22:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 21:10 - 2017-11-01 22:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 21:10 - 2017-11-01 22:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 21:10 - 2017-11-01 22:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 21:10 - 2017-11-01 22:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 21:10 - 2017-11-01 22:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 21:10 - 2017-11-01 22:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 21:10 - 2017-11-01 22:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 21:10 - 2017-11-01 22:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 21:10 - 2017-11-01 22:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 21:10 - 2017-11-01 22:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 21:10 - 2017-11-01 22:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 21:10 - 2017-11-01 22:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 21:10 - 2017-11-01 22:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 21:10 - 2017-11-01 22:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 21:10 - 2017-11-01 22:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 21:10 - 2017-11-01 22:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 21:10 - 2017-11-01 22:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 21:10 - 2017-11-01 22:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 21:10 - 2017-11-01 22:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 21:10 - 2017-11-01 22:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 21:10 - 2017-11-01 22:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 21:10 - 2017-11-01 22:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 21:10 - 2017-11-01 22:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 21:10 - 2017-11-01 22:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 21:10 - 2017-10-15 08:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 21:10 - 2017-10-15 08:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 21:10 - 2017-10-15 08:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 21:10 - 2017-10-15 08:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 21:10 - 2017-10-15 08:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 21:10 - 2017-10-15 08:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 21:10 - 2017-10-15 08:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 21:10 - 2017-10-15 08:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 21:10 - 2017-10-15 08:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 21:10 - 2017-10-15 08:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 21:10 - 2017-10-15 08:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 21:10 - 2017-10-15 08:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 21:10 - 2017-10-15 08:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 21:10 - 2017-10-15 08:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 21:10 - 2017-10-15 08:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 21:10 - 2017-10-15 08:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-14 11:47 - 2017-11-14 11:47 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2017-11-14 08:59 - 2017-11-14 08:59 - 000000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2017-11-14 08:59 - 2017-11-14 08:59 - 000000000 ____D C:\Users\Public\Documents\Kontakt Factory Selection Library
2017-11-14 08:43 - 2017-11-14 08:43 - 000000000 ____D C:\Program Files (x86)\Native Instruments
2017-11-14 08:43 - 2016-09-07 07:26 - 000112408 _____ C:\WINDOWS\system32\Drivers\NIWinCDEmu.sys
2017-11-13 20:01 - 2017-11-13 20:01 - 000000000 __HDC C:\ProgramData\{BA9B21B7-B87A-400D-9B05-4394F527AFF2}
2017-11-11 06:23 - 2017-11-11 06:23 - 000000000 ____D C:\WINDOWS\Panther
2017-11-04 14:58 - 2017-11-04 14:58 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2968790452-4219215743-1767289616-1000
2017-11-04 14:58 - 2017-11-04 14:58 - 000002415 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-04 18:44 - 2017-03-15 12:54 - 000000000 ____D C:\Users\Admin\AppData\Local\TimeDoctorPro
2017-12-04 18:38 - 2017-06-02 12:33 - 005176782 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-04 18:38 - 2014-06-19 10:15 - 000000000 ____D C:\AdwCleaner
2017-12-04 18:32 - 2014-05-16 13:16 - 000000000 ____D C:\ProgramData\ProductData
2017-12-04 18:32 - 2014-05-16 13:14 - 000000000 ____D C:\ProgramData\IObit
2017-12-04 18:31 - 2015-08-15 17:43 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-12-04 18:31 - 2013-12-15 00:48 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-04 18:30 - 2017-06-02 12:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-04 18:30 - 2017-06-02 12:34 - 000000000 ____D C:\Users\Admin
2017-12-04 18:30 - 2017-03-18 05:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-04 17:33 - 2016-01-26 18:09 - 000000000 ____D C:\Program Files (x86)\Nuance
2017-12-04 17:32 - 2016-01-27 17:50 - 000000000 ____D C:\ProgramData\TEMP
2017-12-04 17:25 - 2016-08-23 16:58 - 000000000 ____D C:\Program Files (x86)\VSTPlugIns
2017-12-04 17:25 - 2014-02-11 12:55 - 000000000 ____D C:\Program Files (x86)\Waves
2017-12-04 17:25 - 2013-12-15 19:52 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-12-04 17:25 - 2013-12-14 23:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-04 17:18 - 2016-02-11 11:10 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Avid
2017-12-04 17:18 - 2014-09-02 18:38 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-12-04 17:15 - 2016-09-21 14:04 - 000000000 ____D C:\Users\Admin\Documents\iZotope
2017-12-04 17:10 - 2017-08-30 11:07 - 000000000 ____D C:\ProgramData\TechSmith
2017-12-04 17:10 - 2015-08-15 17:23 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-04 16:48 - 2015-08-15 17:41 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-12-04 16:01 - 2016-02-08 21:25 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-12-04 14:13 - 2017-03-05 22:25 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-04 11:00 - 2014-09-02 18:40 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Celemony Software GmbH
2017-12-04 11:00 - 2013-12-15 19:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Steinberg
2017-12-04 09:28 - 2013-12-15 23:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-12-04 09:13 - 2017-06-02 12:48 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FE55E7D-14EB-4F8E-96C0-8DDCBE5C1581}
2017-12-04 09:13 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-04 09:13 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 19:43 - 2017-06-02 12:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 19:24 - 2017-03-18 15:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-01 19:22 - 2013-12-15 14:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-01 19:02 - 2016-06-02 10:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-01 15:43 - 2013-12-16 06:55 - 000000000 ___RD C:\Users\Admin\Dropbox
2017-12-01 15:41 - 2015-10-23 21:41 - 000000000 ____D C:\temp
2017-12-01 12:25 - 2014-10-16 17:06 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-12-01 11:47 - 2014-10-16 17:06 - 000000000 ____D C:\ProgramData\Skype
2017-12-01 10:32 - 2017-11-02 09:32 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-12-01 10:31 - 2016-06-02 10:39 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-01 10:31 - 2014-01-10 13:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2017-11-29 07:33 - 2013-12-15 07:17 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-29 07:31 - 2013-12-15 07:17 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2017-11-28 16:59 - 2017-06-02 12:48 - 000003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-28 13:05 - 2014-05-16 13:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\IObit
2017-11-28 13:05 - 2014-05-16 13:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2017-11-28 09:06 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-27 18:18 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-24 15:31 - 2017-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-24 15:10 - 2013-12-15 19:52 - 000000000 ____D C:\Program Files\Steinberg
2017-11-24 07:18 - 2016-02-04 10:26 - 000000000 ____D C:\Users\Admin\Documents\Camtasia Studio
2017-11-23 20:21 - 2017-06-02 12:32 - 004197000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-23 08:31 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 07:23 - 2013-12-15 07:32 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 13:02 - 2017-09-22 09:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Library Manager
2017-11-20 13:01 - 2017-01-26 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg
2017-11-20 13:00 - 2017-09-22 09:52 - 000001243 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2017-11-20 13:00 - 2016-11-17 11:55 - 000000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2017-11-20 13:00 - 2016-11-17 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2017-11-20 13:00 - 2013-12-15 19:52 - 000000000 ____D C:\Program Files (x86)\eLicenser
2017-11-20 12:39 - 2013-12-16 06:35 - 000000000 ____D C:\Program Files (x86)\steinberg
2017-11-18 19:58 - 2013-12-16 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-18 19:49 - 2017-10-11 08:24 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-18 19:49 - 2013-12-16 21:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 06:49 - 2014-01-12 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-11-15 13:09 - 2013-12-16 06:54 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2017-11-15 12:42 - 2017-06-02 12:48 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 12:42 - 2017-06-02 12:48 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 21:43 - 2016-04-13 08:58 - 000000000 ____D C:\ProgramData\Spectrasonics
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-14 21:37 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 08:59 - 2013-12-15 20:01 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2017-11-13 19:59 - 2013-12-15 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-11-11 07:44 - 2013-12-16 13:45 - 000000000 ____D C:\Users\Admin\Documents\Native Instruments
2017-11-11 07:36 - 2017-06-30 06:09 - 000000000 ____D C:\Program Files (x86)\Clickteam Fusion 2.5 Free Edition
2017-11-11 06:37 - 2014-04-11 15:23 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2017-11-10 06:54 - 2017-09-02 07:41 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-10 06:54 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-08 06:29 - 2015-03-12 15:22 - 000000000 ____D C:\+User files
2017-11-05 21:38 - 2015-08-12 12:01 - 000000000 ____D C:\FFOutput
2017-11-04 06:02 - 2017-02-23 19:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== Files in the root of some directories =======
2014-01-08 09:00 - 2014-01-08 09:00 - 002387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2014-01-08 09:00 - 2014-01-08 09:00 - 001732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2017-12-04 15:50 - 2017-12-04 15:50 - 000002315 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2014-06-19 10:08 - 2014-06-19 10:08 - 000000024 _____ () C:\Users\Admin\AppData\Roaming\temp.ini
2015-01-20 17:13 - 2017-05-21 06:42 - 000006144 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 15:33 - 2014-11-03 08:50 - 000007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-12-04 13:30 - 2017-12-04 13:30 - 000008704 _____ () C:\Users\Admin\AppData\Local\Temp\hxpe5sh6.dll
2017-11-15 15:01 - 2017-11-15 15:02 - 058818504 _____ (Skype Technologies S.A.) C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-28 09:05
==================== End of FRST.txt ============================


#14 hesca

Posted 04 December 2017 - 07:57 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Admin (04-12-2017 18:45:02)
Running from C:\+User files\Desktop\Downloads
Windows 10 Pro Version 1703 15063.729 (X64) (2017-06-02 18:53:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Admin (S-1-5-21-2968790452-4219215743-1767289616-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2968790452-4219215743-1767289616-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2968790452-4219215743-1767289616-503 - Limited - Disabled)
Guest (S-1-5-21-2968790452-4219215743-1767289616-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2968790452-4219215743-1767289616-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
7 Speed Reading 2014 (HKLM-x32\...\{8574C0C9-3286-484B-AEF6-3DEC05C8F217}) (Version: 14.0 - eReflect)
Acrobat.com (HKLM-x32\...\{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (HKLM\...\{887797BF-37A5-4199-B0C9-0D38D6196E9A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_5445c5ddd9a5c69582d3c1e2bba18f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (HKLM\...\{8875A1C0-6308-4790-8CF6-D34E89880052}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (HKLM\...\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (HKLM\...\{295CFB7C-A57E-4313-93E7-68E7CE1D0332}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3BB84237}) (Version: 1.7.37.0 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.37.0 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{0336B81E-E745-7FE9-74D5-157EBCDF71E3}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AquaSnap 1.19.1 (HKLM-x32\...\{EDAEE420-7A56-4246-9F0D-2847FD7C29C1}) (Version: 1.19.1 - Nurgo Software)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.38 - ArcSoft)
Authorizer 2.9.2d15 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.2d15 - Propellerhead Software AB)
Authorizer Ignition Key Support (HKLM\...\{AA664481-960B-47E2-959D-2FC100C74D13}) (Version: 1.0.5.0 - Propellerhead Software AB) Hidden
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
BitTorrent (HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - Broadcom Corporation)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.10.4.1 - Audinate Pty. Ltd.)
Dante Controller (HKLM-x32\...\{0C0F970D-C74E-4981-AE1E-A59998B6E3F8}) (Version: 3.10.0.19 - Audinate) Hidden
Dante Controller (HKLM-x32\...\{eb68951e-8a65-4c2a-a9b3-543643bfa4d7}) (Version: 3.10.0.19 - Audinate Pty. Ltd.)
Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.2.1.1 - Audinate Pty. Ltd.)
Dante Virtual Soundcard (HKLM\...\{1E3ED5C3-014A-4B79-9A30-947457E38B6E}) (Version: 3.10.0.8 - Audinate) Hidden
Dante Virtual Soundcard (HKLM-x32\...\{38b524c7-f569-4d20-a26c-4be7a1f6fb62}) (Version: 3.10.0.8 - Audinate Pty. Ltd.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.6.2217 - Steinberg Media Technologies GmbH)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON K100 Series Printer Uninstall (HKLM\...\EPSON K100 Series) (Version:  - SEIKO EPSON Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
FastStone Capture 7.4 (HKLM-x32\...\FastStone Capture) (Version: 7.4 - FastStone Soft)
Fingerprint Reader Driver 2.3.4.0 (HKLM-x32\...\Fingerprint Reader Driver_is1) (Version:  - ZKTeco Inc.)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
GIF Viewer (HKLM-x32\...\GIF Viewer) (Version:  - )
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Hotfix 2569 for SQL Server 2014 (KB3158271) (64-bit) (HKLM\...\KB3158271) (Version: 12.0.2569.0 - Microsoft Corporation)
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{EC8D12E4-A73C-4C27-B1C7-E9683052E556}) (Version: 4.5.25.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.9.8004.0_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{5877C85D-8CA5-4153-A366-C232ECFE7A2B}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Imagine (HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\Imagine) (Version: 1.1.0 - Chun Sejin)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
KX-TE Maintenance Console (HKLM-x32\...\{EF5B455C-7FAA-4978-BB92-29CEBD013C9C}) (Version: 3.000 - )
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Melodyne 3.2 (HKLM-x32\...\{2E337869-756A-4E46-A936-0E67FE043A5E}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Melodyne 3.2 (HKLM-x32\...\{5E09FA7C-4B4A-46FB-A554-B7A88E8D7B62}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 Demo (HKLM-x32\...\{EC9A0711-9823-4DD2-83C4-039886A3ECF6}) (Version: 3.2.0105 - Celemony Software GmbH) Hidden
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0001 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Memento 1.12 (HKLM-x32\...\Memento_is1) (Version:  - Guys With Towels)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{E2D10175-7411-4EA5-8E32-FA21262B435D}) (Version: 11.2.5592.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{92FBD63F-918C-4465-A283-957B15042D80}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{2C8240B9-2142-4A0E-9678-7F3C678E34C6}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Control Center 1.1.0 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.1.0 - Arturia)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.15.00.540 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 es-ES)) (Version: 52.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.0.32 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Novation USB Audio Driver 2.6b3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6b3 - Novation DMS Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{55DFACE8-CBF6-4338-909D-7CEE85C64CC4}) (Version: 3.1.0.1550 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{55DFACE8-CBF6-4338-909D-7CEE85C64CC4}) (Version: 3.1.0.1550 - PACE Anti-Piracy, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (HKLM\...\{2D74E972-5A85-44DC-9193-8A302BA8C181}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reason 9 9.2.2d1 (HKLM\...\Reason9.0Stable_64_is1) (Version: 9.2.2d1 - Propellerhead Software AB)
RedNet Control 1.3 (HKLM\...\{9F9A2255-8A2E-42db-8291-DD82233025E5}}_is1) (Version: 1.3 - Focusrite Audio Engineering Limited)
Retro Boy VST Plug-In (HKLM-x32\...\{3E5F066B-789D-4D50-A7A2-488E7862D55A}_is1) (Version: 1.0.2 - Sound-Base Audio)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.79.10 - Roxio)
Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 2.0.31.24 - Roxio)
Saffire MixControl 3.7 (HKLM\...\Saffire PRO 40_is1) (Version: 3.7 - Focusrite Audio Engineering Ltd.)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{C8511A82-E9FD-4B6D-B1B2-378589D2B48A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{D45C3EC4-282E-4798-98C7-E7BF2362F04E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Caleidoscope Sampler Track Content (HKLM-x32\...\{BD830EFB-4884-422C-8AA0-F564E839FC6F}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Content Updater (HKLM-x32\...\{23BAFE62-0AF0-4D71-98C2-47286139DC45}) (Version: 4.0.0 - Steinberg Media Technologies GmbH)
Steinberg Cubase 7.5 64bit (HKLM\...\{C75E8AD9-C89F-4505-5E87-CFCCEBE284FA}) (Version: 7.5.30 - Steinberg Media Technologies GmbH)
Steinberg Cubase 8.5 64bit (HKLM\...\{81643F2F-C292-46B7-AFB4-8ED2F1FF8AAA}) (Version: 8.5.20 - Steinberg Media Technologies GmbH)
Steinberg Cubase 9 (HKLM\...\{C1F742B9-1B31-4949-9A25-9C4204FADD8B}) (Version: 9.0.1 - Steinberg Media Technologies GmbH)
Steinberg Cubase 9.5 (HKLM\...\{0D6C3731-C484-4711-A85E-D36C9176A237}) (Version: 9.5.0 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE AI Elements 8 64bit (HKLM\...\{C801D1E6-30E3-46BE-368D-0106B42CCE17}) (Version: 8.0.35 - Steinberg Media Technologies GmbH)
Steinberg DDP Player 1.0 (HKLM\...\{D1B50573-EA15-42B8-B5F0-6FC771B493B6}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Download Assistant (HKLM-x32\...\Steinberg Download Assistant) (Version: 1.6.2 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg EDM Toolbox MIDI Loops (HKLM-x32\...\{8C9B2EA8-9A30-4347-95E9-10E919C4F32E}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.2 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.12 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Allen Morgan Signature Drums (HKLM-x32\...\{09D3BF0C-54D0-40AE-B917-B9BBD7873BB5}) (Version: 2.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.3.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Rock Pop Toolbox Drums (HKLM-x32\...\{E9BFA009-DD72-4F2A-84CB-6DF46472B563}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Content Registration (HKLM-x32\...\{D3BC09D3-55D7-424D-9B7B-5CAF1C6113FD}) (Version: 1.0.0 - Steinberg Media Technologies GmbH) Hidden
Steinberg HALion Library Manager (HKLM\...\{55B14661-3F86-4974-9097-D7508EC63D97}) (Version: 3.0.15 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Component (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 3.0.15 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Nuendo 7 64bit (HKLM\...\{75C6555C-8BB2-4C51-A3B0-5F96665C4BF9}) (Version: 7.0.35 - Steinberg Media Technologies GmbH)
Steinberg Nuendo 8 (HKLM\...\{D9806ACC-13F8-4FA2-8C3A-E52418F43F3D}) (Version: 8.0.10 - Steinberg Media Technologies GmbH)
Steinberg Nuendo Live 64bit (HKLM\...\{8FAEB2F1-3005-4558-9012-0C6CFEC6EE70}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Production Grooves Content (HKLM-x32\...\{F72824BC-4856-4050-A745-D92BC601CCDE}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 2.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 02 (HKLM-x32\...\{46D333C8-3885-4DC3-BB44-6F8F176EDD49}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg SKI Remote 64bit (HKLM\...\{7C1459C6-FC71-45FD-BABB-74578F9ED460}) (Version: 1.0.7 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Bass Amp Content (HKLM-x32\...\{A2FC1750-B90F-4948-9D6E-DDDA155C6EC8}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg VST Connect Performer 64bit (HKLM\...\{A5E34DC0-C981-4299-BCFA-0CA270B94DE1}) (Version: 4.0.10 - Steinberg Media Technologies GmbH)
Steinberg VST Transit 64bit (HKLM\...\{FF1A114C-0F88-11E5-A6C0-1697F925EC7B}) (Version: 1.0.13 - Steinberg Media Technologies GmbH)
Steinberg WaveLab Pro 9 64bit (HKLM\...\{1E88FAC6-87A1-4CFB-AC83-C551C840855B}) (Version: 9.0.10 - Steinberg Media Technologies GmbH)
Steinberg WaveLab Pro 9.5 64bit (HKLM\...\{4A1B7CDA-699F-4A8B-AEC3-7FA53138FBE6}) (Version: 9.5.10 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Time Doctor Pro (HKLM-x32\...\Time Doctor Pro 1.4.75) (Version: 1.4.75 - Time Doctor LLC)
TinyTake by MangoApps (32 bit) (HKLM-x32\...\{0362DDF1-ED50-48F8-A331-952665B2F0B3}) (Version: 2.5.30.0 - MangoApps) Hidden
TinyTake by MangoApps (HKLM-x32\...\{5526b83d-02bc-49a6-94d6-a8a505c888b9}) (Version: 2.5.30.0 - MangoApps)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voxengo MSED (HKLM\...\Voxengo MSED_is1) (Version: 2.9 - Voxengo)
WebFilteringEngine (HKLM\...\{CE5E1FC7-FD27-493F-A65F-23AD7ED9661D}) (Version: 2.2.1.0 - Lavasoft) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Focusrite (FocusriteRedNetPCIe) Dante Devices  (06/18/2012 1.5.1.1) (HKLM\...\99D167554BAF74C4B3E32523DFFCD66C14D3579D) (Version: 06/18/2012 1.5.1.1 - Focusrite)
Windows Driver Package - Focusrite (FocusriteRedNetPCIe) Dante Devices  (11/14/2013 1.7.1.2) (HKLM\...\320424601D41FDCF93A81BB02E9370183CDB2291) (Version: 11/14/2013 1.7.1.2 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (05/21/2013 2.5.64.2) (HKLM\...\567E9B3391201C8FD4F17F8C139598186BF94212) (Version: 05/21/2013 2.5.64.2 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (07/08/2013 2.5.64.2) (HKLM\...\578C66B012E9E7A5E55364203125940D1F96985A) (Version: 07/08/2013 2.5.64.2 - Focusrite)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windscribe version 1.70 build 4 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2968790452-4219215743-1767289616-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-03-01] (TODO: <Company name>)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2012-02-09] (WinZip Computing, S.L.)
ContextMenuHandlers1-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files\Movavi\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers2-x32: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2012-02-09] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-03] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2015-01-09] (IObit)
ContextMenuHandlers6-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2012-02-09] (WinZip Computing, S.L.)
ContextMenuHandlers6-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program Files\Movavi\Movavi Video Suite 15\vcContext\vcContext.dll -> No File
ContextMenuHandlers1_S-1-5-21-2968790452-4219215743-1767289616-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2968790452-4219215743-1767289616-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2968790452-4219215743-1767289616-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0145622C-1A33-48C1-AD87-D86491A4255B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
Task: {024A312F-CCFC-4C90-B3B2-47E346454456} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {04FF7783-97D9-4A1C-81A7-A785C9C27580} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0560E27B-08E5-4AD2-8D55-7F861CCCFD73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-01] (Microsoft Corporation)
Task: {0B81D777-3302-4B1A-891D-0394129D29B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15] (Adobe Systems Incorporated)
Task: {0B8DD3D6-6B7B-4FC5-86A7-87B3E577FCFE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F4DF38A-6B9F-4D73-98B9-523B1FA3E07E} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {15941882-09F3-44C2-8D02-B564E40ACE5C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {15B70D04-80D4-40A5-AC29-E92A8E485988} - System32\Tasks\{002C183F-B9D1-44E6-A2B0-F4209A208A06} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\K101_x86_1.00ASP_C1_GM.exe -d C:\Users\Admin\Downloads
Task: {15DD2337-3890-44B7-9CB4-4D45B16FB991} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {193652F9-1F26-419C-BB40-B08B25CF5118} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1A3A2CB1-E4C8-4236-9170-3FE822519166} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-18] (Microsoft Corporation)
Task: {2069A43F-2B62-478A-B589-691EEA60C9C6} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {34E4BF65-D740-4B84-89EC-92912EFDD5F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {40982BD5-5E5E-4FE9-A45B-A6DF99144498} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {40AA6505-5BC2-4E89-83D4-51CE960827AF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {482082AB-E028-4D51-8E78-C8421FECD80D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {48AC5771-798E-4967-A253-08F639B8672F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4AD5B03C-5DDF-456A-A86E-9DBAB9E0C783} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4B80C0B7-3841-4402-8A35-8F140DEBB329} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4BE2DE82-A74F-49CC-8E59-D5A190B27052} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {4EFDB7EF-C22E-4E14-9B1F-0B9477066CF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {53804CC7-040D-41D9-8124-EE3BFF9876A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5531C872-2A2E-49CE-82A0-C89394579389} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {586E6951-737B-46DF-BCC9-07EB512FB155} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {63F352EB-9E56-4E19-B1F6-A29FAB47A90D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {68C3EA6B-C923-4303-A6BA-7190C2C65890} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {6A83927D-56A3-40B7-B01B-FAF5F7EF205D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {71198CBD-7705-45F0-BAEA-45147F5FD095} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2968790452-4219215743-1767289616-1000UA1d23918ecec8dac => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {76664A09-58F4-4C6B-B4EA-ED815C7BB73F} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {7688DDED-C3D2-462A-BD1D-8BF675EC94B3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77715545-B1C6-4FA3-B5DE-6918FE242214} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7882695F-49DB-44EC-843A-65C8E2987569} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7B8E3FA5-7FD1-4FDD-82CE-D6F6EA04FF8C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7C165431-1306-4201-A703-9AAEF4A61902} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7E089419-CD77-4314-B5CE-62E4D111B6D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7FC9959A-A3AB-481E-80D4-169CEAF6E9A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-01] (Microsoft Corporation)
Task: {80666E7F-433A-4E9F-8205-F3AB851A19CA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {808662E9-A349-4EBD-99D5-2097C1FF2353} - \ASC11_PerformanceMonitor -> No File <==== ATTENTION
Task: {856A0EC1-0104-424C-A31E-D5DAC4E687EE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {8765ABA1-B0A9-464A-90D0-8FC97FB47411} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {8A11BDFE-6070-4B7A-97BD-A8E7889D5A04} - System32\Tasks\{2C852C0E-2FCF-45AF-BD1F-0EBB77B36A60} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\Drivers 8470p\sp62339 - Broadcomm wireless LAN driver and utility (international).exe" -d "C:\Users\Admin\Desktop\Drivers 8470p"
Task: {8BB0FA50-9698-4FE9-B2F0-2C22D2012529} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {8EA16220-E2DB-434C-9E80-2AED3BA5B80A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {98A0251C-455B-409A-BF33-A9BF12515D6A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E3DDB12-F8D7-4243-BAC3-7862E959EC4D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9F0D4E3E-E4DE-4D76-ACE7-9FEEC7D3C701} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A6B63B63-B689-4CED-884F-40CA8CE3B6FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A9940BDB-0AF6-4328-A3EE-77C4D9BAB6E4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA1F0465-FE18-4A63-86AA-EADD197E2692} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B036DF53-7452-4219-90D7-585495209F5A} - System32\Tasks\TinyTakeUpgrade => C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-01-23] ()
Task: {B1BAE1A5-6EFF-4913-BA5D-BE678275653B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B52A7872-E15E-4061-A057-7F1CB1DC1D57} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {BB9B952E-6D50-4C1B-9E06-E6E2A3AAFA31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BDA8F288-5840-4AD1-8A9D-0AB880FA6E2D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2968790452-4219215743-1767289616-1000Core1d23918ece5608b => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {BE45291C-BEA0-4108-AA94-230A85320E6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BE604A22-2705-4762-9BEA-46939FAB33CD} - System32\Tasks\{5C3753FF-8402-4EE5-B903-318DBDEFE91F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\Drivers 8470p\sp61626 - Intel my wifi and wireless drivers for ms windows 7 (international).exe" -d "C:\Users\Admin\Desktop\Drivers 8470p"
Task: {BF18B809-B978-4EBB-8CD5-FDE43B90C7F0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C3326226-F077-4AB2-9449-CAD9B2EE2FC1} - \ASC11_SkipUac_Admin -> No File <==== ATTENTION
Task: {CB3DDAE6-A03D-45A4-AB97-04CB2ACB7166} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932D98D-8B26-44B0-B628-0F8C472B8B01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DB78558E-7F18-419E-9B7F-4D658F9EC8EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DFE1AF85-AB10-4EC7-BADE-FFBF851F0E53} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {E41D85FD-BF05-46D8-A551-033551AF089E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {E8A6393E-F448-482E-B40C-603C5C3D399E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA0005D1-D151-4DE1-ADEE-734FB9282377} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {F753FAF9-B15E-404B-9D5E-AD8871448245} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FF2DCD26-E995-418F-8A64-B540F53C8E4E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2968790452-4219215743-1767289616-1000Core1d23918ece5608b.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2968790452-4219215743-1767289616-1000UA1d23918ecec8dac.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2010-08-19 02:52 - 2010-08-19 02:52 - 000229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2017-07-26 01:58 - 2017-07-26 01:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2017-11-28 09:55 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-28 09:55 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-08 08:37 - 2017-11-08 08:37 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-07 20:42 - 2017-03-07 20:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-15 12:53 - 2016-11-22 23:40 - 006039952 _____ () C:\Program Files (x86)\TimeDoctorPro\timedoctorpro.exe
2017-03-18 14:59 - 2017-03-18 20:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-12-19 13:57 - 2013-12-19 13:57 - 000158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2016-02-08 12:05 - 2015-01-09 18:46 - 000517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2017-01-20 13:15 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-20 13:15 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-20 13:15 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-08-02 08:21 - 2015-12-23 18:31 - 000625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-11-28 07:40 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-11-28 07:40 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-11-28 07:40 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-11-28 07:40 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-27 08:34 - 2016-01-11 17:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-12-27 08:34 - 2016-01-11 17:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-03-15 12:53 - 2016-11-22 23:37 - 000030208 _____ () C:\Program Files (x86)\TimeDoctorPro\QtSolutions_SingleApplication-2.6.dll
2017-03-15 12:53 - 2016-05-27 08:48 - 002064384 _____ () C:\Program Files (x86)\TimeDoctorPro\opencv_imgproc2413.dll
2017-03-15 12:53 - 2016-05-27 08:47 - 002207744 _____ () C:\Program Files (x86)\TimeDoctorPro\opencv_core2413.dll
2017-03-15 12:53 - 2016-05-27 08:48 - 000836096 _____ () C:\Program Files (x86)\TimeDoctorPro\opencv_highgui2413.dll
2017-03-15 12:53 - 2016-11-22 23:37 - 000501248 _____ () C:\Program Files (x86)\TimeDoctorPro\sqldrivers\qsqlcipher.dll
2017-11-15 13:09 - 2017-11-13 04:26 - 000725312 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-11-15 13:09 - 2017-11-13 04:26 - 002075456 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-11-15 13:09 - 2017-11-13 04:26 - 000100296 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000018888 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\select.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000020800 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000035792 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000694224 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000021848 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000130512 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 001856848 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000022864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000145864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000116688 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-11-15 13:09 - 2017-11-13 04:26 - 000105928 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000022864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000040248 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000024528 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000043472 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000062784 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000392656 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-11-15 13:09 - 2017-11-13 04:26 - 000020936 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000124880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000116176 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000392512 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000026456 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000024016 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000175560 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000030160 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000026056 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000048592 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000057808 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000021824 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000023368 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000066392 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000025432 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000022856 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 001796920 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000084424 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\sip.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 001956152 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 003859264 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000155464 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000521024 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000050496 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000042304 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000131384 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000218944 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000204096 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000060880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000054608 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000024016 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000022864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000100688 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000028616 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000022360 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000021848 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000022360 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000027488 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000349128 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000101184 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-11-15 13:09 - 2017-11-13 04:29 - 000023896 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000025424 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000036296 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\librsync.dll
2017-11-15 13:09 - 2017-11-13 04:28 - 000032600 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-11-15 13:09 - 2017-11-13 04:26 - 000293392 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-11-15 13:09 - 2017-11-13 04:28 - 000181056 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-11-15 13:09 - 2017-11-13 04:29 - 000030536 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000024368 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libEGL.DLL
2017-11-15 13:09 - 2017-11-13 04:28 - 001638200 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-11-15 13:09 - 2017-11-13 04:29 - 000026456 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000545080 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000359224 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-11-15 13:09 - 2017-11-13 04:28 - 000038208 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-12-01 19:22 - 2017-12-01 19:22 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll
2016-02-08 12:05 - 2015-03-27 15:39 - 000182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2016-02-08 12:05 - 2015-01-09 18:46 - 000145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2016-02-08 12:05 - 2014-10-16 10:26 - 000622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-01-20 13:15 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-20 13:15 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2013-12-14 23:48 - 2013-12-16 06:52 - 001200088 ____N () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:7961E5EF242CFC51 [1]
AlternateDataStreams: C:\Windows:CM_da9d31e00c781fdfd84b215d205d5f90fc44f8ff275ddfa6ee17645736872f2c [66]
AlternateDataStreams: C:\Windows:CM_eb999e4359bf08e29598952ae7a5e8effa258c799cf884d96cdfc2af90311a93 [32]
AlternateDataStreams: C:\Users\All Users:7961E5EF242CFC51 [1]
AlternateDataStreams: C:\Users\Admin\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Admin\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Admin\Downloads\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Admin\Documents\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\ProgramData\Application Data:7961E5EF242CFC51 [1]
AlternateDataStreams: C:\ProgramData\PACE:32D9DF48616BB321 [217]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [132]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 4788 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2017-08-30 19:50 - 000001591 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-80-2636429284-1409549652-43199981-1799884323-1242493567\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: conmon => 2
MSCONFIG\Services: DanteDiscovery => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioBurnLauncher => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EPSONC54C09 (K100) => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIG2L.EXE /FU "C:\Users\Admin\AppData\Local\Temp\E_S4A3E.tmp" /EF "HKCU"
MSCONFIG\startupreg: Forte Control => C:\Program Files\Focusrite\Forte Control\Forte Control.exe -silent
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\StartupApproved\StartupFolder: => "Google Chrome.lnk"
HKU\S-1-5-21-2968790452-4219215743-1767289616-1000\...\StartupApproved\Run: => "ISUSPM"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8AC9BBE7-186D-4CD1-A046-DDF24C96AA7B}] => (Block) LPort=445
FirewallRules: [{ECE0FAF8-6EE1-4C9E-9AD8-54BBBBD3D492}] => (Block) LPort=445
FirewallRules: [{AD568CAB-04D8-4541-898F-D3338FDF650A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{064C6D9B-BE1A-46CE-95F4-4E04D346C1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{69FE98B2-4B0E-473F-B0FD-78BCEF45B6A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{579E458E-6F99-4D52-96F1-9776674C634E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{52D729E4-F7C4-474D-9777-0C20F5EB757B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E20E172-50BA-4586-BEBF-763107BB1D51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B63B498-2EEB-4290-8578-E985BF0CAB41}] => (Allow) C:\Program Files\Steinberg\Cubase 9\Cubase9.exe
FirewallRules: [{2E66DB76-5B18-46B0-929D-35644BDD1EC2}] => (Allow) LPort=51113
FirewallRules: [{DE40CB6F-48D6-4432-B5D4-6888B6991C07}] => (Allow) LPort=51112
FirewallRules: [{86380B33-CB3F-4C24-BD33-CA3B256CAFA3}] => (Allow) LPort=51111
FirewallRules: [{0758238F-43DC-441D-9DD7-018923E90442}] => (Allow) C:\Program Files\Steinberg\Cubase 8.5\Cubase8.5.exe
FirewallRules: [UDP Query User{57592AF0-C01C-4C59-ABE2-1C52C84E7844}C:\program files\steinberg\cubase le ai elements 8\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 8\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{77BB1421-B20C-4D32-AA37-F863D92C431F}C:\program files\steinberg\cubase le ai elements 8\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 8\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{FE812C5F-DA66-4F3D-A67D-E4B8CDFB8CBA}C:\program files\steinberg\cubase le ai elements 8\cubase le ai elements 8.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 8\cubase le ai elements 8.exe
FirewallRules: [TCP Query User{F462049F-AAB5-43D7-BE63-0300F7661498}C:\program files\steinberg\cubase le ai elements 8\cubase le ai elements 8.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 8\cubase le ai elements 8.exe
FirewallRules: [{A0799A1E-D7C8-43D3-B432-DBA68EF9C99E}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C00DBA33-70E7-43F2-9112-DA577030B201}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{578F843D-9580-42E4-A34D-6844FF168012}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{900B3330-4ADB-4E37-9EC3-632947848F6B}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{34719CC2-A2B9-41F1-BA00-F3F6A9609290}] => (Allow) C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{BB89F6D4-85EE-4633-9397-D1442EA38EAF}] => (Allow) C:\Program Files (x86)\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{FC601AAA-1968-48D1-8BA6-0922AED925E4}] => (Allow) C:\Program Files (x86)\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{33CDD1A4-0461-4086-91F3-39E72AB4D071}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B13A5FA9-9B25-4771-9BD9-90F5C046CF93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7BEEFF5-6FB4-4801-AE17-763FA46A0C25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5777F26-688E-40CF-9B9E-391481FB5072}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{C176819F-9A11-4A1A-9159-8C8DF67C2EEE}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [TCP Query User{A2DF584B-D840-4083-AD31-8707DE3EA97F}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{CF3C2681-DA1F-4361-A5D1-757B9113C15E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A876F497-EF3C-4469-B548-94A25825A161}] => (Allow) LPort=51113
FirewallRules: [{3CE28DA7-BCA1-4505-9B95-28B02D11E224}] => (Allow) LPort=51112
FirewallRules: [{835B1E0D-A972-42D5-9945-479AE163E939}] => (Allow) LPort=51111
FirewallRules: [{46817390-5A37-4760-953D-2847F1759315}] => (Allow) LPort=5353
FirewallRules: [{E5632AF7-1D55-4E33-95D6-9E660C145E89}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{7F4AD0AC-E2EE-4D31-96AA-419C229AF446}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{042A1A03-C5E8-4FA1-AC95-49BA5FD936D3}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77456388-4CD7-40AB-9FDB-C0D2883D0B2B}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A58A7D41-E54B-411A-9A19-CA51B3CB3F9E}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{3A16AAB9-7654-477F-A437-92B9CF08FBB7}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{E991C47C-EA29-4F32-A2FA-E8D21FFB205F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AFE124CD-015F-4B78-AB1F-51CF14783858}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A9B5A771-E191-459D-99F8-8E29209059F6}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{B05BFA9A-0D24-42E9-9E3B-FA8784D996D0}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A5F2901B-5DE5-4040-A280-75AFB2D3BCD7}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C5A03923-E25F-4E61-8B57-9540D9A89653}] => (Allow) D:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{CEC365BA-E91F-45C9-A4F9-FD84253F56A1}] => (Allow) D:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{DACE223D-E8A3-42C0-BCBE-F68EFCBE7549}] => (Allow) D:\SteamLibrary\SteamApps\common\Batman Arkham City GOTY\RunLauncher.bat
FirewallRules: [{6926FBDF-4EAE-4987-B1A3-A3C85372AA8A}] => (Allow) D:\SteamLibrary\SteamApps\common\Batman Arkham City GOTY\RunLauncher.bat
FirewallRules: [TCP Query User{A04DA872-3099-4291-B9D2-6F9E4A0D6735}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F1433FC4-E2FC-4A18-8675-EDAFCE907639}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{25A0C8BF-9D02-4B30-842A-E38C64E3785D}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{224D87E9-24D5-4FFD-9B79-05B2E70F1F81}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{AF11A7A0-997C-42A7-8294-D679625CF4F5}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FC143A6F-6B23-4A95-A323-E90D39248B2C}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{57702AA7-9BE5-48E6-81DA-00F9FF4E6F7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A59E6EB-AEE0-492D-A995-1960E2351BA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{75616989-3058-4C9B-92B0-EB32A68A3725}C:\program files\steinberg\cubase 7.5\cubase7.5.exe] => (Allow) C:\program files\steinberg\cubase 7.5\cubase7.5.exe
FirewallRules: [UDP Query User{43629D6E-3F29-4C97-8351-3314C82B5345}C:\program files\steinberg\cubase 7.5\cubase7.5.exe] => (Allow) C:\program files\steinberg\cubase 7.5\cubase7.5.exe
FirewallRules: [TCP Query User{4884B01B-2863-4869-8244-98D0DDABB8BC}C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{BC3A127C-0911-466E-B96D-56B61645F728}C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{05AE18A1-6508-4662-92BF-BD8C16064D84}C:\program files\steinberg\cubase 7.5\cubase7.5.exe] => (Allow) C:\program files\steinberg\cubase 7.5\cubase7.5.exe
FirewallRules: [UDP Query User{EEB66337-F123-4873-AE79-6D23FB411E69}C:\program files\steinberg\cubase 7.5\cubase7.5.exe] => (Allow) C:\program files\steinberg\cubase 7.5\cubase7.5.exe
FirewallRules: [TCP Query User{8ADB0F11-DF88-4157-88E6-BDD4A9CAF13B}C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{8A0CDB2A-47FF-4B8B-876A-AB6B0371B6FE}C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7.5\components\vstbridgeapp.exe
FirewallRules: [{5885E3DF-69F0-4844-BC4B-CCB017E902F9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4664D074-AF80-4610-A91A-AC581DABC7B9}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{013BA9A1-1A76-4D78-BE16-6721D2DE6051}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{B8EFAB7E-B6D5-4FF1-B69C-114CCBDC3266}] => (Allow) LPort=8751
FirewallRules: [{415FBF53-8DF0-4E48-95E9-410459F76CF1}] => (Allow) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{44A898E1-30EE-4242-A046-ADD19EEC2D12}] => (Allow) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [TCP Query User{CC6D4633-430D-4586-8ECA-C0E9233CFA86}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [UDP Query User{7D6C3A66-67B7-4139-B4CE-1338AFC85074}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [TCP Query User{CB9C806E-0672-472E-AD15-F8833DCB6ACF}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [UDP Query User{02447A6B-EF49-49BA-9CD5-A2A5AF426349}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [TCP Query User{44F7463B-4ABB-4609-AD66-4CED479E7439}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => (Allow) C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [UDP Query User{D46A973E-B68C-4FC7-A2A2-5C372EBBA4D3}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => (Allow) C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [TCP Query User{B72FEDE2-F3E3-40B8-AD63-C19156F45AA9}C:\program files\steinberg\cubase 8.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 8.5\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{C5647FDB-59BA-42EE-B93C-C2F1216B3C24}C:\program files\steinberg\cubase 8.5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 8.5\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{26B723CD-22CD-411B-BE13-310CEE946866}C:\program files\steinberg\nuendo 7\nuendo7.exe] => (Allow) C:\program files\steinberg\nuendo 7\nuendo7.exe
FirewallRules: [UDP Query User{159214A0-E1C3-492A-B9C7-BD68C8D7422E}C:\program files\steinberg\nuendo 7\nuendo7.exe] => (Allow) C:\program files\steinberg\nuendo 7\nuendo7.exe
FirewallRules: [TCP Query User{1078EBAF-1AFA-4FA4-8E98-87B9DA31AF55}C:\program files\steinberg\nuendo 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\nuendo 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{974A6052-19BC-4192-B2BC-E6864809B63F}C:\program files\steinberg\nuendo 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\nuendo 7\components\vstbridgeapp.exe
FirewallRules: [{3A5A7377-6F86-48E4-801A-A839484C458C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30635C9E-2B8B-4515-914A-B2DC60C79C0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A40518E6-744D-47B0-8343-3AFE50262ED8}C:\program files\steinberg\cubase 8.5\cubase8.5.exe] => (Allow) C:\program files\steinberg\cubase 8.5\cubase8.5.exe
FirewallRules: [UDP Query User{E2937CA8-2236-4406-A4FF-BC5C5BD6AF2D}C:\program files\steinberg\cubase 8.5\cubase8.5.exe] => (Allow) C:\program files\steinberg\cubase 8.5\cubase8.5.exe
FirewallRules: [TCP Query User{74AC273E-0CAF-4207-8631-7B04CE75BDB8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{148484C6-E16A-46AB-BDC3-4AFA4F8DE35D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{5E0A3687-C2C0-4CCC-9247-08C829A4A2DB}] => (Allow) C:\Program Files (x86)\Audiokinetic\Wwise 2016.1.1.5823\Authoring\Win32\Release\bin\Wwise.exe
FirewallRules: [{B81011C0-6195-4840-8930-84F0AF915493}] => (Allow) C:\Program Files (x86)\Audiokinetic\Wwise 2016.1.1.5823\Authoring\Win32\Release\bin\Wwise.exe
FirewallRules: [{5A52E01D-4551-4F2E-A7BC-525F21C392F2}] => (Allow) C:\Program Files (x86)\Audiokinetic\Wwise 2016.1.1.5823\Authoring\x64\Release\bin\Wwise.exe
FirewallRules: [{0A5EA424-C4AB-4BA1-84F9-1710631EFC03}] => (Allow) C:\Program Files (x86)\Audiokinetic\Wwise 2016.1.1.5823\Authoring\x64\Release\bin\Wwise.exe
FirewallRules: [TCP Query User{B4365730-CD3A-4E70-8BFA-94E6B27DF307}C:\+user files\wwise projects\wwise lessons\cube\win32\profile\bin\cube.exe] => (Allow) C:\+user files\wwise projects\wwise lessons\cube\win32\profile\bin\cube.exe
FirewallRules: [UDP Query User{C7F81480-E654-415C-9CF2-13A7574E3CDD}C:\+user files\wwise projects\wwise lessons\cube\win32\profile\bin\cube.exe] => (Allow) C:\+user files\wwise projects\wwise lessons\cube\win32\profile\bin\cube.exe
FirewallRules: [TCP Query User{98DC1A98-9251-4044-9FE3-76D3EB7F842E}C:\program files (x86)\audiokinetic\wwise 2016.1.1.5823\limbo\playgame\limbo.exe] => (Allow) C:\program files (x86)\audiokinetic\wwise 2016.1.1.5823\limbo\playgame\limbo.exe
FirewallRules: [UDP Query User{4BECFE38-624B-4453-8847-B6A3F08A26CB}C:\program files (x86)\audiokinetic\wwise 2016.1.1.5823\limbo\playgame\limbo.exe] => (Allow) C:\program files (x86)\audiokinetic\wwise 2016.1.1.5823\limbo\playgame\limbo.exe
FirewallRules: [{9DCE06F2-242F-401D-9569-99A5886C4937}] => (Allow) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{5BAEED7A-44F3-4125-B8D9-58481A1F7B41}] => (Allow) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{B3C2C849-765B-4894-B48E-D34E589A2D67}] => (Allow) LPort=8800
FirewallRules: [{76D43242-BEF9-4213-A743-D29DD5827C1A}] => (Allow) LPort=8002
FirewallRules: [{BAE6CD03-55E0-4531-B2A1-E9809E9580CD}] => (Allow) LPort=14600
FirewallRules: [{163FBF88-97A1-4E00-9D51-85EA19681925}] => (Allow) LPort=8751
FirewallRules: [{1F447935-D1EA-427B-AEB5-F31B1FF09FDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C56861DA-6649-4D20-8186-88D55070AAC9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4C2F02BA-BD4A-4AF6-80F0-2CE04C221572}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7AFE82EC-BBF6-4BA6-AD6D-7A7648172EF5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B25E2C18-B96C-4FED-A45E-0972D50F4700}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{E5A3AF67-B4B8-468A-81E1-E267BC7D2D4D}C:\program files\steinberg\nuendo 8\nuendo8.exe] => (Allow) C:\program files\steinberg\nuendo 8\nuendo8.exe
FirewallRules: [UDP Query User{6B16EF8E-D000-48CD-8615-CB15994585D5}C:\program files\steinberg\nuendo 8\nuendo8.exe] => (Allow) C:\program files\steinberg\nuendo 8\nuendo8.exe
FirewallRules: [{F7033C26-3885-400F-A8C7-2C0E085CDF61}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC87EE38-0062-447A-94CB-65BEE3359DDA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C8D8F16-1B9D-4ABD-A1A7-81EBB495FA11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CE4EF253-7C20-432D-B91C-23989858832D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{FC0B9BD5-B6A3-4A8B-B252-0BF700D6B06B}C:\program files\steinberg\cubase 9.5\cubase9.5.exe] => (Allow) C:\program files\steinberg\cubase 9.5\cubase9.5.exe
FirewallRules: [UDP Query User{EF1210E4-ECBE-4342-9B75-F0DE678658D3}C:\program files\steinberg\cubase 9.5\cubase9.5.exe] => (Allow) C:\program files\steinberg\cubase 9.5\cubase9.5.exe
FirewallRules: [{8F08DD0D-A33C-459F-9C66-37A3B3797F06}] => (Allow) C:\Program Files\Steinberg\VST Connect Performer\VST Connect Performer.exe
FirewallRules: [{52B7138A-93C1-436D-BBA2-71B492BDC37E}] => (Allow) LPort=51111
FirewallRules: [{3315B6D2-AAEA-4F28-B428-97740922DA11}] => (Allow) LPort=51112
FirewallRules: [{78B340BF-7890-4CCF-A03F-5C832F0EEFA3}] => (Allow) LPort=51113
FirewallRules: [{0DD56085-CF74-44A9-9297-398479EFF533}] => (Allow) LPort=51117
FirewallRules: [{CB2712ED-59B3-4B2E-963B-DA38303EAB2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB4DAE48-0962-4BD4-800B-2E3162A9F2E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5EAD301D-E03D-4BF6-A05B-C28330C7CA5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{695C8B60-F934-4D9D-A707-A37CA868F2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
04-12-2017 17:17:08 Removed Avid Pro Tools First.
04-12-2017 18:07:39 AA11
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/04/2017 06:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3354
Faulting application start time: 0x01d36d617790e457
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: c9deaa6c-3761-4547-96db-346d612074e8
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (12/04/2017 06:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3354
Faulting application start time: 0x01d36d617790e457
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 19a2d5ce-51f6-47c2-ab7e-24ba251aed81
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (12/04/2017 06:30:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 20.10.10.10.in-addr.arpa. PTR Elitebook8470p.local.
Error: (12/04/2017 06:30:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.10.10.20:5353   24 20.10.10.10.in-addr.arpa. PTR Elitebook8470p-2.local.
Error: (12/04/2017 06:07:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
Error: (12/04/2017 06:07:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet
Error: (12/04/2017 06:04:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet
Error: (12/04/2017 05:33:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Elitebook8470p)
Description: Application or service 'Dragon Service' could not be restarted.
Error: (12/04/2017 05:30:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet
Error: (12/04/2017 05:23:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet

System errors:
=============
Error: (12/04/2017 06:30:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/04/2017 06:30:52 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (12/04/2017 06:30:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/04/2017 06:30:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.
Error: (12/04/2017 06:30:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (12/04/2017 06:30:50 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
Error: (12/04/2017 06:30:18 PM) (Source: DCOM) (EventID: 10010) (User: Elitebook8470p)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (12/04/2017 06:27:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (12/04/2017 06:27:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (12/04/2017 06:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2017-12-04 18:39:25.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
  Date: 2017-12-04 18:39:20.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:20.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:18.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:18.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:10.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:10.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:10.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:39:10.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-04 18:37:01.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 32%
Total physical RAM: 12221.51 MB
Available physical RAM: 8295.15 MB
Total Virtual: 17597.51 MB
Available Virtual: 12931.13 MB
==================== Drives ================================
Drive c: (Audio) (Fixed) (Total:220.63 GB) (Free:28.53 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
Drive f: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:517.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: A292623A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=851 MB) - (Type=27)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 69A3A1F7)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================


#15 polskamachina


Posted 06 December 2017 - 12:28 AM

Hi hesca,

Good job posting the logs. :thumbup2: I see you removed the AdAware AV product, which should help your performance.

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove this program, please use Revo Uninstaller to remove it.
If you wish to keep it, please do not use it until your computer is cleaned.

Regarding your removal of the cracked software: your latest FRST logs show that these programs are still installed. If you did uninstall them AFTER you ran the FRST scan, then please perform another FRST scan and post the logs.

Otherwise:

  • Please use Revo Uninstaller to uninstall all of the cracked software.
  • Perform another FRST Scan
  • Copy and paste FRST.txt and Addition.txt into your next reply to me

Next:

  • Right-click CKScanner.exe and select Run as administrator
  • Give permission if necessary, and click Search For Files
  • After a very short time, when the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved. Please run the program only once
  • Double-click the CKFiles.txt icon on your desktop
  • Copy and paste the contents of the logfile into your next reply to me

I have a question. Can I reinstall Google Chrome now? It's the one thing I would need to test if the fixes worked.

I would hold off until all the cracked software is removed.

In summary I need the following:

  • Whether or not you removed the BitTorrent program
  • Confirmation that you removed all of the cracked software
  • FRST.txt
  • Addition.txt
  • CKFiles.txt

Let me know if you have any questions.

polskamachina


Member of the Bleeping Computer A.I.I. early response team!



