
Windows 7 works fine in safe mode, freezes/hangs in normal mode after login.



#1 DonnieBrasco

Posted 17 February 2018 - 10:41 AM

Had a few problems the past few days with my computer. I've tried disabling all startup services but it still freezes. I was getting a few BSODs but managed to solve them. If I boot up Windows and wait at the login screen it doesn't freeze. It freezes a couple of minutes after logging in.

 

FRST LOG: 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Henry (administrator) on HENRY-PC (17-02-2018 15:32:10)
Running from D:\Kali
Loaded Profiles: Henry (Available Profiles: Henry & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\MountPoints2: {22196bb5-64bb-11e3-9bc0-74d02b9e4e87} - E:\setup.exe
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\MountPoints2: {b8dbb90a-e809-11e3-9e75-74d02b9e4e87} - F:\Password.exe
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\MountPoints2: {c967a02f-a08e-11e2-934b-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\THEMAT~1.SCR [2585088 2016-06-01] (The Matrix Trilogy Screensaver Development Team)
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B7CF82F-4C5C-490B-96E4-963F8E5EC2DD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2B7CF82F-4C5C-490B-96E4-963F8E5EC2DD}: [DhcpNameServer] 77.244.128.44 77.244.128.45
Tcpip\..\Interfaces\{80600D39-FAD2-454E-A2F0-16D941F9998F}: [NameServer] 192.168.0.12
Tcpip\..\Interfaces\{B010732C-84FF-4C74-8C5F-BDDF3F04EFF8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF DefaultProfile: biqorgex.default-1452387697667
FF ProfilePath: C:\Users\Henry\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\dyjgumrt.default [2014-05-05]
FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\dyjgumrt.default -> resource://webapp/openvpn.html
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\biqorgex.default-1452387697667 [2018-02-15]
FF Homepage: Mozilla\Firefox\Profiles\biqorgex.default-1452387697667 -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Hide BookmarksBar) - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\biqorgex.default-1452387697667\Extensions\{311ece6e-ea6a-442f-a02a-a362e561d892}.xpi [2016-01-10] [Legacy]
FF Extension: (No Name) - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\biqorgex.default-1452387697667\extensions\amcontextmenu@loucypher [not found]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-04-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Henry\AppData\Roaming\rcru\plugins\nprcplugin.dll [2014-01-15] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3050935602-3282754538-1966401586-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Henry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3050935602-3282754538-1966401586-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Henry\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3050935602-3282754538-1966401586-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Henry\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3050935602-3282754538-1966401586-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> History
CHR Profile: C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default [2018-02-17]
CHR Extension: (Super Netflix) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2018-01-09]
CHR Extension: (BetterTTV) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-22]
CHR Extension: (Docs) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-29]
CHR Extension: (Tampermonkey) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-10]
CHR Extension: (timeStats) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2017-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-24]
CHR Extension: (AdBlock) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-17]
CHR Extension: (Amazon™ Sort - Number of Reviews) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepimngelnnmpbpklphhbbmalefoploi [2017-11-10]
CHR Extension: (Imagus) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2018-02-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-29]
CHR Extension: (The Great Suspender) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-14]
CHR Extension: (Linkclump) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2018-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Fast Video Downloader) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-07-02]
CHR Extension: (Better History) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR Profile: C:\Users\Henry\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-12]
CHR HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Henry\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-24]
StartMenuInternet: Google Chrome Canary.KVRH4F3W4KVCDIGSPAC4NPUZHQ - C:\Users\Henry\AppData\Local\Google\Chrome SxS\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-11] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-14] ()
S2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek)
S2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-15] ()
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
S3 cleanhlp; D:\Run\cleanhlp64.sys [57024 2013-08-27] (Emsisoft GmbH)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-12-17] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S1 MpKsl09b33517; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl09b33517.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKsl0afa2ddc; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl0afa2ddc.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKsl16dc484a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl16dc484a.sys [58120 2018-02-15] () [File not signed]
S1 MpKsl2d9b1ebd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl2d9b1ebd.sys [58120 2018-02-15] () [File not signed]
S1 MpKsl3f107d2b; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl3f107d2b.sys [58120 2018-02-17] (Microsoft Corporation)
S1 MpKsl51e99bbc; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl51e99bbc.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKsl63453f21; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl63453f21.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKsl9200823b; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl9200823b.sys [58120 2018-02-15] () [File not signed]
S1 MpKsl9e29f990; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsl9e29f990.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKslaa4f419f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKslaa4f419f.sys [58120 2018-02-17] (Microsoft Corporation)
S1 MpKslc36425fe; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKslc36425fe.sys [58120 2018-02-17] (Microsoft Corporation)
S1 MpKsle1261815; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKsle1261815.sys [58120 2018-02-15] (Microsoft Corporation)
S1 MpKslf057cbe1; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKslf057cbe1.sys [58120 2018-02-15] () [File not signed]
S1 MpKslfd798fe3; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32FD944C-5E2D-4B4B-B4D4-0F96C802932E}\MpKslfd798fe3.sys [58120 2018-02-15] () [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-13] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5086464 2016-04-06] (Realtek Semiconductor Corporation )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [35520 2012-12-21] (The OpenVPN Project)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
S3 cpuz136; \??\C:\Users\Henry\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 cpuz137; \??\C:\Users\Henry\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== ATTENTION
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 speccy; \??\C:\Users\Henry\AppData\Local\Temp\82908e85-00bf-493f-9411-22d41d3ca77d [X] <==== ATTENTION
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-17 15:31 - 2018-02-17 15:32 - 000000000 ____D C:\FRST
2018-02-15 20:22 - 2018-02-15 20:22 - 000026148 _____ C:\Users\Henry\Desktop\cc_20180215_202159.reg
2018-02-15 19:43 - 2018-02-15 19:43 - 000273544 _____ C:\Windows\Minidump\021518-42572-01.dmp
2018-02-15 19:42 - 2018-02-15 19:42 - 000003544 ____N C:\bootsqm.dat
2018-02-15 16:23 - 2018-02-15 16:23 - 000000000 __SHD C:\found.001
2018-02-15 15:23 - 2018-02-17 15:22 - 000518938 _____ C:\Windows\ntbtlog.txt
2018-02-15 15:06 - 2018-02-15 15:06 - 000525582 _____ C:\Users\Henry\Desktop\cc_20180215_150611.reg
2018-02-15 15:03 - 2018-02-15 15:03 - 000000000 _____ C:\Users\Henry\AppData\Local\{E7F6461F-E30E-4766-86D8-23F6DEC7BA4C}
2018-02-15 04:47 - 2018-02-15 04:48 - 000000000 ____D C:\Windows\rescache
2018-02-14 12:32 - 2018-02-10 19:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 12:32 - 2018-02-10 19:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 12:32 - 2018-02-10 08:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 12:32 - 2018-02-10 07:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 12:32 - 2018-02-10 07:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 12:32 - 2018-02-10 07:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 12:32 - 2018-02-10 07:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 12:32 - 2018-02-10 07:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 12:32 - 2018-02-10 07:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 12:32 - 2018-02-10 06:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 12:32 - 2018-02-10 06:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 12:32 - 2018-02-10 06:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 12:32 - 2018-02-10 06:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 12:32 - 2018-02-10 06:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 12:32 - 2018-02-10 06:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 12:32 - 2018-02-10 05:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 12:32 - 2018-02-10 05:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 12:32 - 2018-02-10 05:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 12:32 - 2018-02-10 05:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 12:32 - 2018-02-10 05:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 12:32 - 2018-02-10 05:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 12:32 - 2018-02-10 05:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 12:32 - 2018-02-10 05:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 12:32 - 2018-02-10 05:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 12:32 - 2018-02-10 05:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 12:32 - 2018-02-10 05:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 12:32 - 2018-01-12 16:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 12:32 - 2018-01-12 16:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 12:32 - 2018-01-12 16:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 12:32 - 2018-01-12 16:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 12:32 - 2018-01-12 16:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 12:32 - 2018-01-12 16:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 12:32 - 2018-01-12 16:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 12:32 - 2018-01-12 16:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 12:32 - 2018-01-12 16:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 12:32 - 2018-01-12 16:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 12:32 - 2018-01-12 16:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 12:32 - 2018-01-12 16:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 12:32 - 2018-01-12 16:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 12:32 - 2018-01-12 16:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 12:32 - 2018-01-12 16:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 12:32 - 2018-01-12 16:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 12:32 - 2018-01-12 16:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 12:32 - 2018-01-12 16:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 12:32 - 2018-01-12 16:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 12:32 - 2018-01-12 16:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 12:32 - 2018-01-12 16:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 12:32 - 2018-01-12 16:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 12:32 - 2018-01-12 16:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 12:32 - 2018-01-12 16:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 12:32 - 2018-01-12 16:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 12:32 - 2018-01-12 16:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 12:32 - 2018-01-12 16:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 12:32 - 2018-01-12 16:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 12:32 - 2018-01-11 16:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 12:32 - 2018-01-11 16:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 12:32 - 2018-01-11 16:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 12:32 - 2018-01-05 16:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 12:32 - 2018-01-05 16:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 12:32 - 2018-01-05 16:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 12:32 - 2018-01-05 16:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 12:32 - 2018-01-05 16:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 12:32 - 2017-12-05 17:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 12:32 - 2017-12-05 17:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 12:32 - 2017-12-05 17:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 12:32 - 2017-12-05 17:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 12:32 - 2017-12-05 17:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 12:32 - 2017-12-05 16:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 12:31 - 2018-02-10 07:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 12:31 - 2018-02-10 07:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 12:31 - 2018-02-10 07:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 12:31 - 2018-02-10 07:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 12:31 - 2018-02-10 07:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 12:31 - 2018-02-10 07:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 12:31 - 2018-02-10 07:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 12:31 - 2018-02-10 07:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 12:31 - 2018-02-10 07:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 12:31 - 2018-02-10 07:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 12:31 - 2018-02-10 07:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 12:31 - 2018-02-10 06:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 12:31 - 2018-02-10 06:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 12:31 - 2018-02-10 06:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 12:31 - 2018-02-10 06:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 12:31 - 2018-02-10 06:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 12:31 - 2018-02-10 06:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 12:31 - 2018-02-10 06:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 12:31 - 2018-02-10 06:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 12:31 - 2018-02-10 06:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 12:31 - 2018-02-10 06:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 12:31 - 2018-02-10 06:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 12:31 - 2018-02-10 06:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 12:31 - 2018-02-10 06:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 12:31 - 2018-02-10 05:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 12:31 - 2018-02-10 05:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 12:31 - 2018-02-10 05:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 12:31 - 2018-02-10 05:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 12:31 - 2018-02-10 05:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 12:31 - 2018-02-10 05:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 12:31 - 2018-02-10 05:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 12:31 - 2018-02-10 05:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 12:31 - 2018-02-10 05:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 12:31 - 2018-02-10 05:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 12:31 - 2018-02-10 05:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 12:31 - 2018-02-10 05:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 12:31 - 2018-02-10 05:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 12:31 - 2018-02-10 05:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 12:31 - 2018-02-10 05:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 12:31 - 2018-02-10 05:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 12:31 - 2018-02-10 05:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 12:31 - 2018-02-10 05:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 12:31 - 2018-01-21 23:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 12:31 - 2018-01-21 23:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 12:31 - 2018-01-19 14:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 12:31 - 2018-01-19 14:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 16:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 12:31 - 2018-01-12 16:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 12:31 - 2018-01-12 16:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 12:31 - 2018-01-12 16:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 12:31 - 2018-01-12 16:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 12:31 - 2018-01-12 16:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 12:31 - 2018-01-12 15:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 12:31 - 2018-01-12 15:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 12:31 - 2018-01-12 15:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 12:31 - 2018-01-12 15:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 12:31 - 2018-01-12 15:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 12:31 - 2018-01-12 15:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 15:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 15:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 12:31 - 2018-01-12 15:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 12:31 - 2018-01-05 16:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 12:31 - 2018-01-05 16:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 12:31 - 2018-01-05 16:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 12:31 - 2018-01-05 16:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 12:31 - 2018-01-05 16:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 12:31 - 2018-01-05 16:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 12:31 - 2018-01-05 15:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 12:31 - 2017-12-05 17:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 12:31 - 2017-12-05 17:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 12:31 - 2017-12-05 17:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 12:31 - 2017-12-05 17:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 12:31 - 2017-12-05 17:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 12:31 - 2017-12-05 17:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-13 21:25 - 2018-02-13 01:23 - 000000238 ___SH C:\Users\Public\Libraries.ini
2018-02-13 21:03 - 2018-02-13 21:03 - 000000000 ____D C:\Users\Henry\AppData\Local\FortniteGame
2018-02-11 17:17 - 2018-02-11 17:40 - 000000000 ____D C:\ProgramData\Epic
2018-02-11 17:17 - 2018-02-11 17:17 - 000000909 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-02-11 17:17 - 2018-02-11 17:17 - 000000909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-02-11 17:17 - 2018-02-11 17:17 - 000000000 ____D C:\Users\Henry\AppData\Local\UnrealEngineLauncher
2018-02-11 17:17 - 2018-02-11 17:17 - 000000000 ____D C:\Users\Henry\AppData\Local\EpicGamesLauncher
2018-02-09 00:17 - 2018-02-09 00:17 - 000000000 ____D C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-04 17:05 - 2018-02-09 01:18 - 000000000 ____D C:\Users\Henry\AppData\LocalLow\Mozilla
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-17 15:20 - 2009-07-14 04:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-17 15:20 - 2009-07-14 04:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-17 15:14 - 2015-06-20 12:29 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA.job
2018-02-17 15:09 - 2009-07-14 05:13 - 000007122 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-17 15:05 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-17 14:47 - 2017-03-04 09:48 - 000000000 ____D C:\Users\Henry\AppData\Local\LogMeIn Hamachi
2018-02-15 19:43 - 2013-08-04 22:47 - 000000000 ____D C:\Windows\Minidump
2018-02-15 15:46 - 2017-04-02 03:22 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-02-15 15:44 - 2013-08-04 15:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-15 15:26 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-02-15 15:08 - 2009-07-14 05:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-02-15 15:05 - 2016-04-29 11:29 - 000000000 ____D C:\Users\Henry\AppData\Roaming\uTorrent
2018-02-15 15:05 - 2013-08-29 10:42 - 000000000 ____D C:\Users\Henry\AppData\Local\CrashDumps
2018-02-15 04:40 - 2014-04-30 18:35 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA.job
2018-02-15 03:22 - 2009-07-14 04:45 - 000453688 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-15 03:20 - 2014-12-11 16:32 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-15 03:05 - 2013-09-26 20:58 - 000000000 ____D C:\Windows\system32\MRT
2018-02-15 03:03 - 2017-10-11 02:03 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-15 03:03 - 2013-09-26 20:58 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-15 02:52 - 2013-08-14 21:12 - 000000000 ____D C:\Users\Henry\AppData\Roaming\Spotify
2018-02-15 02:00 - 2013-08-15 10:16 - 000000000 ____D C:\Users\Henry\AppData\Local\Adobe
2018-02-15 01:53 - 2013-08-04 16:34 - 000000388 _____ C:\Windows\Tasks\update-S-1-5-21-3050935602-3282754538-1966401586-1000.job
2018-02-15 01:18 - 2013-08-04 16:34 - 000000388 _____ C:\Windows\Tasks\update-sys.job
2018-02-14 20:14 - 2015-06-20 12:29 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core.job
2018-02-14 19:40 - 2014-04-30 18:35 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core.job
2018-02-14 18:52 - 2016-12-23 01:46 - 000000000 ____D C:\Users\Henry\AppData\Roaming\discord
2018-02-14 16:10 - 2014-03-07 20:55 - 000002455 _____ C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2018-02-14 16:09 - 2013-08-14 21:12 - 000000000 ____D C:\Users\Henry\AppData\Local\Spotify
2018-02-14 05:06 - 2014-03-15 23:30 - 000000000 ____D C:\Users\Henry\.VirtualBox
2018-02-14 01:37 - 2013-04-08 21:05 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-13 21:03 - 2017-04-02 02:52 - 000000000 ____D C:\Users\Henry\AppData\Local\UnrealEngine
2018-02-11 17:40 - 2014-05-26 12:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-09 00:17 - 2015-02-22 01:19 - 000000000 ____D C:\Users\Henry\AppData\Roaming\Dropbox
2018-02-07 09:46 - 2014-02-25 19:41 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 09:46 - 2014-02-25 19:41 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 09:46 - 2014-02-25 19:41 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 09:46 - 2013-08-09 21:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 09:46 - 2013-08-09 21:26 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-07 03:34 - 2014-02-19 20:15 - 000000000 ____D C:\Windows\pss
2018-01-31 05:05 - 2013-12-11 20:26 - 000000000 ____D C:\Users\Henry\AppData\Roaming\vlc
2018-01-23 18:58 - 2010-11-21 03:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-18 01:24 - 2016-12-23 01:46 - 000002164 _____ C:\Users\Henry\Desktop\Discord.lnk
2018-01-18 01:24 - 2016-12-23 01:45 - 000000000 ____D C:\Users\Henry\AppData\Local\Discord
 
==================== Files in the root of some directories =======
 
2013-09-04 17:43 - 2016-03-20 22:30 - 000000132 _____ () C:\Users\Henry\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-12-22 00:20 - 2016-12-22 00:20 - 000140288 _____ () C:\Users\Henry\AppData\Roaming\Installer.dat
2016-03-23 10:41 - 2016-03-23 10:41 - 000001456 _____ () C:\Users\Henry\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-25 23:07 - 2013-12-09 16:56 - 000005120 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-30 01:27 - 2015-07-05 00:03 - 000000600 _____ () C:\Users\Henry\AppData\Local\PUTTY.RND
2013-12-30 02:25 - 2017-10-03 00:47 - 000007607 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2013-08-04 16:34 - 2013-08-04 16:34 - 000000003 _____ () C:\Users\Henry\AppData\Local\updater.log
2013-08-04 16:34 - 2017-05-07 00:47 - 000000425 _____ () C:\Users\Henry\AppData\Local\UserProducts.xml
2015-10-09 20:46 - 2015-10-09 20:46 - 000000000 _____ () C:\Users\Henry\AppData\Local\{3B5DA415-2CA8-479E-99AC-FC3E95467566}
2018-02-15 15:03 - 2018-02-15 15:03 - 000000000 _____ () C:\Users\Henry\AppData\Local\{E7F6461F-E30E-4766-86D8-23F6DEC7BA4C}
 
Some files in TEMP:
====================
2018-02-17 14:47 - 2018-02-17 14:47 - 001457664 _____ (CPUID) C:\Users\Henry\AppData\Local\Temp\speccycpuid.dll
2018-02-15 15:11 - 2012-02-13 20:41 - 000314784 _____ () C:\Users\Henry\AppData\Local\Temp\Uninstaller-2540.exe
2018-02-15 15:11 - 2012-02-13 20:41 - 000314784 _____ () C:\Users\Henry\AppData\Local\Temp\Uninstaller-2756.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-07 06:26
 
==================== End of FRST.txt ============================
 
Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Henry (17-02-2018 15:32:30)
Running from D:\Kali
Windows 7 Home Premium Service Pack 1 (X64) (2013-04-08 21:00:27)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3050935602-3282754538-1966401586-500 - Administrator - Disabled)
fbwuser (S-1-5-21-3050935602-3282754538-1966401586-1011 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-3050935602-3282754538-1966401586-501 - Limited - Disabled)
Henry (S-1-5-21-3050935602-3282754538-1966401586-1000 - Administrator - Enabled) => C:\Users\Henry
HomeGroupUser$ (S-1-5-21-3050935602-3282754538-1966401586-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Discount Search (HKLM-x32\...\{BC77935F-24FC-492F-914F-2BD8CDC277B9}) (Version: 1.0.0 - Amazon Discount Search)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BBC iPlayer Downloads (HKLM-x32\...\{D4DBE0A6-4984-4A1C-8911-388BC9AB533B}) (Version: 1.13.1 - BBC)
Bitcoin (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
calibre 64bit (HKLM\...\{6AD98955-017B-4E0A-A0F6-2619E83B4A24}) (Version: 2.43.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{5181A89F-09DD-E67D-46F8-C49E025FBFD2}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{37312517-1DD8-48E3-DC08-789E901A9020}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{31ACE608-9780-2E6C-A657-D4738BBE7DAD}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{D7888ADE-31D6-A417-8321-04CCF570BA35}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A2D7A75C-02A6-FC84-967D-B9894393971E}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{8D97FC65-8356-E742-D0F0-72B1FF8743D5}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{68A252A3-6775-0955-452F-10F6C2DA6111}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{ABAD4EB3-DF39-E1EF-BF30-B4E62E8F6A66}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{9F12D721-8755-C3F7-25CD-DC3E7D72CDF4}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E56983F1-03EF-85BC-86CA-2E5A6A6FD4FE}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{43EA9A21-C95E-6DF9-9892-9283B2CFAF89}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{49D2F54E-D0A0-A447-B9D0-7A479D12A106}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FC4539F0-4063-5F68-0EB0-6B0FAD3A438B}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{2F05B3F3-9195-573C-6D8A-A978AFBDB1D6}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{7720E621-9FA2-505C-6E6D-A81A245659A6}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{E14554F1-13B4-BF54-1A1C-1A5D3BBD187E}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{AF7D189E-B7D5-DA70-3B76-74011BD2C72C}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{8628C260-8FE6-3A83-723C-3B980B57F2D2}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BD750833-856E-0F37-DFEA-FC35B76C699C}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E9AE0D04-4F2D-901B-DA30-B8CC43270E89}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{F315CF1D-1B8F-7BE3-7EBB-E236D07E7E97}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCGLauncher version 0.0.0.7 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.0.0.7 - Custom Combat Gaming)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.83 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.83 - CPUID, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l)
Discord (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dropbox (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
EasyVPN 1.0.0.1 (HKLM-x32\...\EasyVPN 1.0.0.1) (Version: 1.0.0.1 - SecretsLine)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Flux) (Version:  - f.lux Software LLC)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlashBack Pro 5 (HKLM-x32\...\FlashBack Pro 5) (Version: 5.25.0.4229 - Blueberry Software (UK) Ltd.)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Geekbench 3 (HKLM-x32\...\Geekbench 3) (Version:  - Primate Labs Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Google Chrome SxS) (Version: 66.0.3347.0 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HexChat (x64) (HKLM\...\HexChat (x64)_is1) (Version: 2.9.6 - HexChat)
IceChat 7.70 (Build 20101031) (HKLM-x32\...\IceChat_is1) (Version: 7.70 - IceChat Networks)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{2F5D7825-7460-43B1-B467-7F9737557108}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Litecoin (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Litecoin) (Version: 0.8.6.2 - Litecoin project)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5239 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Ncrack 0.2ALPHA (HKLM-x32\...\Ncrack) (Version:  - )
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf)
Palringo (HKLM-x32\...\Palringo) (Version:  - Palringo Limited)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.0.9 - Pinger Inc.) Hidden
Pinger (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Pinger 1.1.0.9) (Version: 1.1.0.9 - Pinger Inc.)
PlanetSide 2 (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PremiumSoft Navicat Premium 11.0 (HKLM-x32\...\PremiumSoft Navicat Premium_is1) (Version: 11.0.7 - PremiumSoft CyberTech Ltd.)
Python 2.7 (64-bit) (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca5}) (Version: 2.7.150 - Python Software Foundation)
Python 3.4.1 (HKLM-x32\...\{DF32BB9E-3ED8-36B5-A649-E8C845C5F3A2}) (Version: 3.4.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.75 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0285 - REALTEK Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Serato DJ  (HKLM-x32\...\{B3747D9F-437E-4770-8EFC-09A665FBCAED}) (Version: 1.9.5.1695 - Serato) Hidden
Serato DJ  (HKLM-x32\...\{e056a9a5-9111-42d9-a614-40a8360c685b}) (Version: 1.9.5.1695 - )
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\Spotify) (Version: 1.0.73.345.g6c9971ef - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text 2.0.1 (HKLM-x32\...\Sublime Text 2_is1) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Matrix Trilogy Screensaver (HKLM-x32\...\The Matrix Trilogy Screensaver) (Version: 0.60 - Jan Ringoš)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.0 - Tweaking.com)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Unity Web Player (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WhoCrashed 4.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version:  - )
XSplit (HKLM-x32\...\{DAA18A0D-A57C-4611-B135-46EA06990E7D}) (Version: 1.2.1303.0101 - SplitMediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Henry\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Henry\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2013-08-06] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2013-08-06] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-02-10] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2013-08-06] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2013-08-06] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3050935602-3282754538-1966401586-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3050935602-3282754538-1966401586-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3050935602-3282754538-1966401586-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Henry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00379434-69C5-40F6-AA63-E49E2371C2E2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {0651046B-A934-4C22-9C5D-A4ED253C2198} - System32\Tasks\{CA029024-8A94-4E7C-8D4E-5700139116E2} => C:\Windows\system32\pcalua.exe -a D:\InstallIW4M.exe -d D:\
Task: {075B5910-5C56-4EC6-8F55-6AF915B2FDFF} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {0AF9BDF3-B16A-4AE2-B7BA-1D9A0EAEE8E5} - System32\Tasks\{4A0387B3-D6B8-4C06-A1A4-12343A04932B} => C:\Windows\system32\pcalua.exe -a C:\Users\Henry\Downloads\vcs_web.exe -d C:\Users\Henry\Downloads
Task: {0FB6AC24-EA38-4A5E-BC1E-B9F080F91979} - System32\Tasks\{3A9C6635-86E7-4820-96D0-A91BC1B810E3} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.0.0.100/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {12E80FB6-4661-4F0A-A62E-6B0D29F25184} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {1B59A36D-F1CB-48F3-955E-7FE0D52F5D7C} - System32\Tasks\AdobeAAMUpdater-1.0-Henry-PC-Henry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {37EE3679-B00B-4434-9D16-4AE5CCCF60EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {417CBAE9-C5AA-4E2D-9620-3D0FF254D46C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA => C:\Users\Henry\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {4646D12A-B358-4D5C-969F-0D2A9B4C18B0} - System32\Tasks\{730B00DA-0EDC-455B-BFD9-A4C745CE319E} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.18.0.105/en/go/help.faq.installer?LastError=1603
Task: {5AC76455-583F-4A90-81C3-A976FAB25D9C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core => C:\Users\Henry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-19] (Dropbox, Inc.)
Task: {5B4129CF-AA31-448C-9C6C-8018D60816D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {69578674-C3CB-40E4-A76E-F397611ABF58} - System32\Tasks\update-S-1-5-21-3050935602-3282754538-1966401586-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6D21BC02-EE71-480B-A359-7D6118ECE929} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {6D6DF03A-10E1-4431-918B-6C0FD8CC5333} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core => C:\Users\Henry\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8DEDABE8-18D0-4C38-8659-A9F7FFFAF72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {94569399-837C-49B1-BA27-C1CA73F735E5} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {9D5F2C41-4B0A-438C-95BE-3602EEC2F479} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA => C:\Users\Henry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-19] (Dropbox, Inc.)
Task: {AE0DB5E9-0906-466B-B96A-1438B97D6EBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B5A6A481-FCA0-492E-B457-DBF1C8B113A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B93DCC02-6EF0-45EE-9150-88E4A0C8B97E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core => C:\Users\Henry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-30] (Facebook Inc.)
Task: {C6D10EEF-6D91-401F-A25E-D5EFBFD9088D} - System32\Tasks\{B4A98495-E3AF-4959-BD47-B7D024C61D40} => C:\Windows\system32\pcalua.exe -a C:\Users\Henry\Desktop\oooo\TL-WN823N_V1_Utility_140918\Setup.exe -d C:\Users\Henry\Desktop\oooo\TL-WN823N_V1_Utility_140918
Task: {F362000D-D4B4-4B2A-88D6-08F22892B2D8} - System32\Tasks\{8B08E7AF-69FC-498C-B70F-944A466740DC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Henry\Downloads\easy-vpn (1).exe" -d C:\Users\Henry\Downloads
Task: {FBCF2E83-3CFA-4ADB-B1F5-17BCE92D13E8} - System32\Tasks\{BFA159AF-ABD9-4B88-AA62-BFEB1AC6E506} => C:\Windows\system32\pcalua.exe -a "C:\Users\Henry\AppData\Local\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\Henry\Downloads -c "C:\Users\Henry\Downloads\soundboard-0.9.8.4b-win32.ts3_plugin"
Task: {FF518B04-FA41-43CB-82E4-13B2720B231B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA => C:\Users\Henry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-30] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core.job => C:\Users\Henry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA.job => C:\Users\Henry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000Core.job => C:\Users\Henry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3050935602-3282754538-1966401586-1000UA.job => C:\Users\Henry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3050935602-3282754538-1966401586-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-29 10:25 - 2015-03-29 10:25 - 000043480 _____ () D:\Downloads\FileZilla FTP Client\fzshellext_64.dll
2018-02-14 01:37 - 2018-02-13 04:25 - 002918744 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\swiftshader\libglesv2.dll
2018-02-14 01:37 - 2018-02-13 04:25 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
There are 7864 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\...\sony.com -> sony.com
 
There are 7864 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-06-05 02:05 - 2013-08-07 01:26 - 000450636 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 15461 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3050935602-3282754538-1966401586-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 192.168.0.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Henry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Henry\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: avichannel => "C:\Program Files (x86)\Evaer\videochannel.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: Discord => C:\Users\Henry\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Henry\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: f.lux => "C:\Users\Henry\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Facebook Update => "C:\Users\Henry\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => C:\Users\Henry\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Lightshot => C:\Users\Henry\AppData\Local\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LOLReplay Recorder => "D:\lolreplay\LOLRecorder.exe" -minimize
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pinger => "C:\Program Files (x86)\Pinger\Pinger.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Henry\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "D:\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8FDF4899-780D-42E5-9454-511C5CBA80D4}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D64373C0-51FC-4B93-A5AF-B88869E36FAE}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D5D0DB48-C192-4E79-B19E-E046836E1874}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B7A7E0C6-F8FF-4C67-9634-43A9BF73C522}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1D9D3AEB-F014-4805-8C77-4DDDCBCC545F}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F7DA625-CCF0-498A-9C1E-BD81E283BD6A}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C945C8F7-8B87-4A97-9DE3-D5748DE96573}D:\torrents\games\mw2\modern warfare 2 aiw pre-final\iw4mp.exe] => (Allow) D:\torrents\games\mw2\modern warfare 2 aiw pre-final\iw4mp.exe
FirewallRules: [UDP Query User{09EE2FD6-A37B-47B6-B157-F2C9DE470EE2}D:\torrents\games\mw2\modern warfare 2 aiw pre-final\iw4mp.exe] => (Allow) D:\torrents\games\mw2\modern warfare 2 aiw pre-final\iw4mp.exe
FirewallRules: [TCP Query User{CA34098C-B523-434F-A96E-BB81F3C90037}D:\torrents\games\mw2\modern warfare 2 aiw pre-final\bootstrap\iw4mp.exe] => (Allow) D:\torrents\games\mw2\modern warfare 2 aiw pre-final\bootstrap\iw4mp.exe
FirewallRules: [UDP Query User{71AEBAD3-5E06-4D8D-B5F9-E7DFC9C88310}D:\torrents\games\mw2\modern warfare 2 aiw pre-final\bootstrap\iw4mp.exe] => (Allow) D:\torrents\games\mw2\modern warfare 2 aiw pre-final\bootstrap\iw4mp.exe
FirewallRules: [TCP Query User{145479D6-3597-4587-B217-2F1D9CD86902}C:\users\henry\appdata\local\iw4m\iw4m.dat] => (Allow) C:\users\henry\appdata\local\iw4m\iw4m.dat
FirewallRules: [UDP Query User{71E45B77-562A-4001-A860-2B8FE6A64D36}C:\users\henry\appdata\local\iw4m\iw4m.dat] => (Allow) C:\users\henry\appdata\local\iw4m\iw4m.dat
FirewallRules: [{749A45FD-0F73-4A6A-965E-738B2793E95A}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{77D54721-52B5-485C-9C30-2BB0A5987DBD}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{4F9941E1-AD2A-4F32-BA4B-C4FC99A148DE}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{86F6433F-89D8-4C22-AB14-0C4475AA5076}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{5DE07DBB-ABFE-4A3E-986F-9D48431D361C}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{C3C8E0A0-07B9-4F73-9697-06C8912A5B68}] => (Allow) D:\Steam\SteamApps\common\Burnout™ Paradise The Ultimate Box\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{9362DE14-A917-4AAB-A95E-CB45FAB310F2}] => (Allow) D:\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{FD64294C-5F18-477E-BFE8-D59F6D6273A6}] => (Allow) D:\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{27EE82FB-70DB-4D3C-BE1A-D5B3E9FD04FE}] => (Allow) D:\Steam\SteamApps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{318392DA-547A-4A9A-AAC9-85FDD82D8643}] => (Allow) D:\Steam\SteamApps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [TCP Query User{50C1DFBC-6D0F-4B19-8356-231C9610EA8F}C:\users\henry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henry\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ADFFFC26-D7AD-4192-9431-4A30819722D9}C:\users\henry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henry\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C58E40EE-8CA0-450D-8E70-7313D393A033}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BA7D1DB9-8963-45C3-8232-EE33A5EF130A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{12DFBE2B-B042-4917-ADD2-5AD1ECD8B589}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A4ADD94F-359E-46B2-BBBB-82C6AC618965}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{48A2985B-0160-40E9-A428-F2B9623F0F72}D:\mirc\mirc.exe] => (Allow) D:\mirc\mirc.exe
FirewallRules: [UDP Query User{9A82828F-66D5-4AB5-AFE9-A9C00A53B97C}D:\mirc\mirc.exe] => (Allow) D:\mirc\mirc.exe
FirewallRules: [{18D47D70-7B23-4639-B8C8-2150703B6D49}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1E43ECFA-3F43-4C37-99FF-6F7F0DB3B647}] => (Allow) LPort=2869
FirewallRules: [{440F7DBC-D328-4ED3-A4BA-6B97EE7F0050}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C6E20790-2F23-4135-A33D-441B76634659}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{2029E540-E832-4C82-A347-9F36CCC96341}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{CA8E26E1-F41B-4253-8184-ED4682820B1B}D:\downloads\planets2\planetside2.exe] => (Allow) D:\downloads\planets2\planetside2.exe
FirewallRules: [UDP Query User{C933FAB9-9F26-4E2F-8B09-A96AE0DD68F0}D:\downloads\planets2\planetside2.exe] => (Allow) D:\downloads\planets2\planetside2.exe
FirewallRules: [TCP Query User{2DEE02D7-E259-4A4F-AFC6-0583E32AD7B1}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{4CC1C07F-5ECA-4707-A90C-33559BDA1388}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{C7596C0E-F62E-4952-A490-9109433C8A98}D:\omnicoin\omnicoin\omnicoin-qt.exe] => (Allow) D:\omnicoin\omnicoin\omnicoin-qt.exe
FirewallRules: [UDP Query User{DCEB8925-5E5E-43D2-9521-BD82A04F951F}D:\omnicoin\omnicoin\omnicoin-qt.exe] => (Allow) D:\omnicoin\omnicoin\omnicoin-qt.exe
FirewallRules: [{F0F4A651-641B-4FD1-A5DB-C066E5F520CD}] => (Allow) D:\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{D35D1D0B-52F6-45CB-99A3-B3D566EA5C51}] => (Allow) D:\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{CD79976F-A225-4A03-A9EA-5FD14E844594}] => (Allow) LPort=8317
FirewallRules: [{F3582E34-7568-4DC2-897C-513FAE3E912C}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{068539F1-BDFD-45BB-A09C-989A186D51DF}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{93553F54-4C38-4553-BC56-EF2E6F1000BB}] => (Allow) D:\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{761FB2BE-1B06-4662-AA67-BC2DEFF42CC9}] => (Allow) D:\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{EA925980-5955-498E-A5F3-75B8CBF27514}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{5252E48A-B3A0-485D-BB04-E0A73007AFE0}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{4055A801-4822-4243-AF5C-B029E2A6AC21}C:\users\henry\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\henry\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{21A18EBA-A71F-4A32-966A-A436B7168978}C:\users\henry\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\henry\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{B7A9E41F-BC65-45DF-8B66-42E2CBA0DF1A}C:\users\henry\downloads\listen.exe] => (Allow) C:\users\henry\downloads\listen.exe
FirewallRules: [UDP Query User{FDB06F15-44CD-4F18-B932-F7648D546925}C:\users\henry\downloads\listen.exe] => (Allow) C:\users\henry\downloads\listen.exe
FirewallRules: [{3211472F-5A5C-4473-A359-05B11C6241FF}] => (Block) C:\users\henry\downloads\listen.exe
FirewallRules: [{EDFEF44B-C9FD-4B37-8A98-C1DE41C12860}] => (Block) C:\users\henry\downloads\listen.exe
FirewallRules: [{45F272A8-45CB-4B27-BB5C-2DFF61FA897A}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F78C7C3E-5B47-4A31-8AC9-DEF9AB867284}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{75BFD411-FD93-4E3C-849A-2D36E166D7D2}C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{34042579-798E-490A-9FEC-1EFC2F9733B4}C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{1D008672-CF02-40E3-B50A-4F8889324672}C:\users\henry\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\henry\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D3F08AB5-F653-42C3-AA9E-3808F4CCC99B}C:\users\henry\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\henry\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BD5B50CF-D74F-4ADB-8FA1-0750B651E4D0}C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe] => (Allow) C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe
FirewallRules: [UDP Query User{5A5B98E3-5C8C-4F02-B772-B9ADE83A1478}C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe] => (Allow) C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe
FirewallRules: [{4109576A-48CC-46E5-B6AF-2DD76FEDEC43}] => (Block) LPort=32535
FirewallRules: [{C474F055-8CB5-4675-A021-173E48F0E616}] => (Block) LPort=32535
FirewallRules: [{5E77FF37-A3FD-4077-AB07-597E10DC4176}] => (Block) LPort=40031
FirewallRules: [{F6C296B9-A22D-420F-A043-6BA4A8357F03}] => (Block) LPort=40031
FirewallRules: [{C9077CF9-7815-4C11-BF2C-610EEDBA5D74}] => (Block) LPort=32535
FirewallRules: [{9671D6B5-BCE1-4C19-8B7C-47DDE4F22336}] => (Block) LPort=32535
FirewallRules: [{72DEF053-E901-4629-BF5E-287815E61CA7}] => (Block) LPort=40031
FirewallRules: [{7385BE23-C404-4112-9F8B-E70CD3D942CE}] => (Block) LPort=40031
FirewallRules: [TCP Query User{6905CDA4-9A64-4EF2-856C-5FE2039375B5}C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{2A3E7D7E-B050-432E-AEBD-489BB8A314FF}C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\henry\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{D531CBA3-1FE4-4594-B267-C049B99B7980}] => (Allow) C:\Users\Henry\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{ABCA6EE0-64E1-49A7-BF2C-2061B499FBB1}] => (Allow) C:\Users\Henry\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E6C7481A-149B-43A3-AF81-F49D46988009}] => (Allow) D:\Games\hearthstone\Battle.net\Battle.net.exe
FirewallRules: [{7843FF2A-CBB3-49E4-ADA6-13016FA82B6D}] => (Allow) D:\Games\hearthstone\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{C36E1C13-E136-4E8A-9F13-0ECE07F5302B}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{A58A6476-0573-444E-A6CF-6DC7C6CB7A69}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [TCP Query User{1A382962-B208-479D-B0CE-9FFFECC5F4F4}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe
FirewallRules: [UDP Query User{F6A80950-3F07-4339-9379-89170F6E6C13}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe
FirewallRules: [TCP Query User{2CBADF5F-5904-483D-A2DB-7EA11325EE29}D:\mirc\mirc.exe] => (Block) D:\mirc\mirc.exe
FirewallRules: [UDP Query User{B66FAA21-E244-4891-837C-E53DE604B603}D:\mirc\mirc.exe] => (Block) D:\mirc\mirc.exe
FirewallRules: [TCP Query User{CA7705CD-DFAA-4BD2-AAFF-54C0BAC2E46C}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{617FCB4D-4033-4B20-AD8D-C51B1DBDDBA5}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{848B72CD-F527-4845-8D71-7B765FC6622F}C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe] => (Allow) C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe
FirewallRules: [UDP Query User{7F2F6BB8-D60E-472F-A5ED-D59996965CA9}C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe] => (Allow) C:\users\henry\desktop\omnicoin wallet\omnicoin-qt.exe
FirewallRules: [{9E94C3A4-6466-44D9-BED6-E2164C8DC29E}] => (Allow) D:\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0EEF7562-27D3-45A1-A0C3-BC5C9FAE6448}] => (Allow) D:\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{D2CCE4D2-1727-4075-AEA3-2F972A73AD0A}] => (Allow) D:\Steam\SteamApps\common\Edge of Space\launcher.exe
FirewallRules: [{ECF92D7C-2748-4965-A7B7-2551186232C9}] => (Allow) D:\Steam\SteamApps\common\Edge of Space\launcher.exe
FirewallRules: [{C3FEDA10-70C8-4521-8BCF-C30EC0934507}] => (Allow) C:\Users\Henry\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{DBB0AB7E-F612-47B4-BDF6-93FEC9F22713}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{409BECC7-A485-4382-A3C1-3F5D9AD004C6}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{000FCE9F-1049-4243-86E9-F07100774EDC}] => (Allow) D:\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D8E67B5A-F094-4C64-A498-F06916F07E09}] => (Allow) D:\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{97FADE57-EABE-43DC-AB68-33D47E5920F0}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{05CC981D-B551-4450-A477-2C50E02D532F}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3EF8175E-41E9-42EA-9276-8B4FCC5DCE30}] => (Allow) C:\Users\Henry\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{599B6DB7-BD93-4F3C-8EB3-E76389D94EA5}] => (Allow) C:\Users\Henry\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5792EA9F-955D-42E4-9BA2-F24E98C09993}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{EFE2D7E9-4F11-42C5-8D5C-0D3F67D5D0EC}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [{A14E8BBC-F8DC-4030-8AD1-85912630C5E9}] => (Allow) D:\Steam\SteamApps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{AF1E5E08-62DB-404D-B2C6-C4E1977CB707}] => (Allow) D:\Steam\SteamApps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{2ADAC917-DB3F-4996-90FE-50EDC3825C5E}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{24012CB1-2613-4CBE-9922-902C407201BA}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{FB1693ED-09A9-446E-9367-A9200BD5A946}D:\newdownloads\omnicoin\omnicoin-qt_windows_x86_64\omnicoin-qt.exe] => (Allow) D:\newdownloads\omnicoin\omnicoin-qt_windows_x86_64\omnicoin-qt.exe
FirewallRules: [UDP Query User{B1B4A401-AF73-4AA1-8159-858EFA0597C4}D:\newdownloads\omnicoin\omnicoin-qt_windows_x86_64\omnicoin-qt.exe] => (Allow) D:\newdownloads\omnicoin\omnicoin-qt_windows_x86_64\omnicoin-qt.exe
FirewallRules: [{0FEEE38B-BDF6-4E42-AC37-EE63D9805119}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{13F28B69-B244-4F03-9BB5-6E0DA7D95DF1}] => (Allow) D:\Steam\SteamApps\common\Squishy\bin\squishy.exe
FirewallRules: [{7C295F63-3AB8-4A3F-93D7-CF63061C75BC}] => (Allow) D:\Steam\SteamApps\common\Squishy\bin\squishy.exe
FirewallRules: [{1AE0FF2A-BAD6-4BC1-84EA-68CEC5978CCE}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3FA3171-2C5A-4CC2-8AA5-0B57528AD265}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{056AECFC-47B5-42EC-BCAF-B35055500D87}D:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe] => (Allow) D:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe
FirewallRules: [UDP Query User{5D79BDFF-A9E3-40F5-A3C4-19653B053AE6}D:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe] => (Allow) D:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe
FirewallRules: [{5459E176-48E1-4E91-B422-79CA9C931BCB}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{AD329598-85BA-4902-8064-88C0FA58D739}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4EF1A23F-C166-4240-94F5-DF35D7618080}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A9C77AC6-6897-4B36-8ADC-EEF0869C9F1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B435CC08-0553-4C07-A660-C8518F785C0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F472B243-8868-4F6A-B84F-AF8557CD860C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EA36B0E3-4B3D-4EAD-82E7-A63AFB1B9AC0}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99FF6AFE-9784-4271-9AA5-4ED480DF74AF}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB18D004-467A-44DD-9B2C-A18D52D43B88}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{482CE000-2C18-4146-BD81-E23CBD6FC464}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC0E03A7-366E-4514-982E-72EA65073E91}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBDC6090-3B38-4B65-9783-D4FDAD17C551}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3A00C583-583B-4C90-9737-2EE22FE0B5B9}C:\users\henry\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\henry\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{777FE3CD-6003-4250-B1A1-9409E03806E0}C:\users\henry\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\henry\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E93BC69B-E31A-4AD6-A335-BB5BE882A5AB}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34F5C037-636C-43F3-8A2C-2022D0998BE6}] => (Allow) C:\Users\Henry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C9481186-0320-4BDD-B661-76F33AD047F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7593A878-EFC2-48D9-8847-8B096D53D09E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DC99B629-6B24-4CAE-8A28-6A111A96CD00}] => (Allow) C:\Users\Henry\AppData\Local\Google\Chrome SxS\Application\chrome.exe
FirewallRules: [TCP Query User{E7E99023-7FEF-42B6-842D-7F3A07024394}C:\users\henry\desktop\pokemanz\console\necrobot2.exe] => (Allow) C:\users\henry\desktop\pokemanz\console\necrobot2.exe
FirewallRules: [UDP Query User{4DAFBE7F-5612-4384-85E5-DA600E4BAE75}C:\users\henry\desktop\pokemanz\console\necrobot2.exe] => (Allow) C:\users\henry\desktop\pokemanz\console\necrobot2.exe
FirewallRules: [{2028122D-17B7-4190-B501-A8CF51009086}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{6A53AE9A-3DA6-42E8-B095-10DD1115BC7A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{11DF1919-A458-4ADD-9F28-19355F8AF178}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4C7C73DA-982B-4EB1-B7C5-061C6E55EF0C}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{2C766D46-8842-4725-B0B4-7BF7235F460E}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3964C5D8-C02B-4749-9D11-21FA1BADA375}D:\downloads\serato\music\chilla\processing\processing-3.3\java\bin\java.exe] => (Allow) D:\downloads\serato\music\chilla\processing\processing-3.3\java\bin\java.exe
FirewallRules: [UDP Query User{4D267D61-11A4-4472-9E1F-548EB4064A6F}D:\downloads\serato\music\chilla\processing\processing-3.3\java\bin\java.exe] => (Allow) D:\downloads\serato\music\chilla\processing\processing-3.3\java\bin\java.exe
FirewallRules: [TCP Query User{07BF5367-8D6D-47A0-82CA-A4360B754F1C}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{48DC62F2-B4C7-4D56-8170-C227D48EF31C}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8530AA53-171C-431B-98D9-F0F1F15237E3}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\RtWlan.exe
FirewallRules: [{2925701B-986B-4309-98DA-2A495CA7FA8D}] => (Allow) LPort=1542
FirewallRules: [{F4DF5ACD-B4FA-4BD3-B3CB-ABE35E0E20E1}] => (Allow) LPort=1542
FirewallRules: [{84C7E691-8FCF-4A84-95D3-AC891632C9D0}] => (Allow) LPort=53
FirewallRules: [{C3745AA4-7B07-42CE-B360-A091FB73FD1E}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~1\Rtldhcp.exe
FirewallRules: [{9BF7DB5D-7727-45A7-BC59-998FF7BDE11D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{50C947E5-278A-43AC-921F-87E5A6E02B4D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{DD31D78F-5156-4FC5-AE3D-71DFF6A2193C}] => (Allow) LPort=53
FirewallRules: [{16AFD134-2A32-4E24-A04E-EED141BA0E51}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{8462EA87-C823-4448-A566-B81ABE00BE8C}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{CAC83B82-18AC-49AC-B23B-E119B99C4933}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{538388DF-6707-4642-97C0-5F8A4587F7EA}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{B609BAD7-3DB5-42AB-971A-89D04141B6F0}] => (Allow) D:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5A6106BC-1A17-436A-9545-3B7C94AFEFCA}] => (Allow) D:\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{1435FD11-17BD-49BB-B7CF-445BF8F36178}D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3C9E9BEA-4C83-4713-8364-670D7A2FB4B2}D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{407721EE-0EDB-4AF2-8965-E67373A35BAF}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{CD24B25A-C3C2-4354-9F6F-8A90EB7C3356}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B6596337-CB94-4762-949F-0103A23172DC}D:\fortnite\new\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\new\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{5D1DCB53-604B-4A18-B69C-637F7BF6ABD7}D:\fortnite\new\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\new\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{E1577B8C-A327-4A21-B9D4-143C0DA74014}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AMDA00 Interface
Description: AMDA00 Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2018 03:09:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/17/2018 03:09:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/17/2018 03:06:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/17/2018 03:05:39 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/17/2018 03:05:39 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/17/2018 03:05:39 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/17/2018 03:05:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (02/17/2018 03:05:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (02/17/2018 03:32:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.261.1216.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
Source Path: Default URL
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14500.5
 
Error code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode
 
Error: (02/17/2018 03:32:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (02/17/2018 03:32:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2018 03:32:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2018 03:32:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2018 03:31:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2018 03:31:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2018 03:31:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
Windows Defender:
===================================
Date: 2013-08-27 01:52:57.857
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Medium
Category:Adware
Path Found:containerfile:D:\BloodlineChampionsInstaller.exe;file:D:\BloodlineChampionsInstaller.exe->(inno#006023)->(nsis-3-OCSetupHlp.dll)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2013-08-26 11:35:19.111
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Medium
Category:Adware
Path Found:containerfile:D:\BloodlineChampionsInstaller.exe;file:D:\BloodlineChampionsInstaller.exe->(inno#006023)->(nsis-3-OCSetupHlp.dll)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2013-08-25 22:35:34.212
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Medium
Category:Adware
Path Found:containerfile:D:\BloodlineChampionsInstaller.exe;file:D:\BloodlineChampionsInstaller.exe->(inno#006023)->(nsis-3-OCSetupHlp.dll);process:pid:7564;process:pid:8060
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
CodeIntegrity:
===================================
 
Date: 2015-08-12 03:51:22.561
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-12 03:49:09.589
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-12 03:43:25.881
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-12 03:42:14.088
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-11 03:43:41.651
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-11 03:42:46.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-10 23:40:06.900
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2015-08-10 23:39:42.151
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8131.35 MB
Available physical RAM: 5979.03 MB
Total Virtual: 16260.86 MB
Available Virtual: 14147.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:0.88 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.51 GB) (Free:238.96 GB) NTFS
 
\\?\Volume{c967a02b-a08e-11e2-934b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FE628615)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E8D504E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 17 February 2018 - 01:45 PM

Duplicate. The topic will be closed.



