Can't Shutdown or Reboot from Windows following infection


  • This topic is locked
30 replies to this topic

#1 Mugsy323

Posted 08 March 2018 - 03:29 PM

(Argh! After typing a lengthy post, attempting to Preview it before submitting wiped it out!)
 
Last weekend, I got stung by a nasty virus. I believe it has been removed but the damage remains:
 
1) I cannot Shutdown/Reboot from Windows. Windows exits and the screen goes black, but the computer never powers off (lights & fans stay on, though my optical mouse goes off.) I must Hard off/restart using the buttons on my PC to complete the process. Everything works fine from Safe Mode and Linux (dual boot Ubuntu from another drive) so this is NOT a hardware or BIOS issue. And yes, I've checked my Power Profile.
 
2) I use Firefox, so I only just now discovered that attempting to Sign In to the BleepingComputer Forums using Chrome redirects me to the "BestBuy" website, so I think Chrome was compromised too (though Firefox & Internet Explorer seem to be fine.)
 
The virus modified about a dozen Windows Services, but after reviewing the "Event Viewer" error logs, I was able to fix all but two: "Event ID 36887 - Schannel Error 70" & "40". I have no idea what those are, and nothing I've read online was any help, but the EV says those errors predate the infection, so they probably are not related to why I can't Shutdown/Reboot my PC.
 
I ran the System File Checker and it found one error: "C:\Windows\System32\termsrv.dll" was broken and could not be fixed due to a "hash mismatch" error in the Registry. Another user with that problem on another site reported success running "SFCFix", which "repaired" my damaged Registry entry so SFC was able to "fix" it (no more errors, but I can't confirm anything was actually "fixed". My Shutdown/Reboot problem remains.)
 
I've run multiple AV & Malware checks, but they all say everything is fine. I'm stumped. Attached are my FRST logs. TIA.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Ambrosia (administrator) on MUGSY-DESKTOP (08-03-2018 13:00:51)
Running from D:\Install
Loaded Profiles: Ambrosia (Available Profiles: Mugsy & Ambrosia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\Mozilla\Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) D:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\VistaSrv.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() D:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hauppauge Computer Works) D:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(VMware, Inc.) D:\Program Files (x86)\VMware\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hauppauge Computer Works) D:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Stardock\WindowBlinds\wbvista.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftPerfect Research) D:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Esumsoft) C:\Program Files (x86)\POP Peeper\POPPeeper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Nenad Hrg SoftwareOK) C:\Program Files\DesktopOK_x64.exe
(Hauppauge Computer Works) D:\Program Files (x86)\WinTV\Ir.exe
(Hauppauge Computer Works, Inc.) D:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(ITSamples.com) C:\Program Files\NetworkIndicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(cyberlink) D:\Program Files (x86)\CyberLink\Shared files\brs.exe
() D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Schneider Electric) D:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Farbar) D:\Install\BleepingComputer-FRST64-Farbar Recovery Scan Tool.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UMonit] => C:\windows\SysWOW64\UMonit64.exe [61744 2015-10-21] ()
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2016-03-15] (Realtek Semiconductor)
HKLM\...\Run: [RAMDiskForWorkstations] => D:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [5063376 2014-11-03] (SoftPerfect Research)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-04] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Display] => D:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [BDRegion] => d:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-03-01] (cyberlink)
HKLM-x32\...\RunOnce: [EasyTune] => D:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => d:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\WINDOW~1\fast64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [POP Peeper] => C:\Program Files (x86)\POP Peeper\POPPeeper.exe [2773168 2017-12-01] (Esumsoft)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [EPSONE134F5 (Artisan 720) on WiFi] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [EPSON Artisan 720 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [EPSON Artisan 720 over http] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE [224768 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [DesktopOK] => C:\Program Files\DesktopOK_x64.exe [354304 2014-02-11] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Run: [DAEMON Tools Lite Automount] => "D:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {468fed39-3895-11e5-9d29-005056c00008} - H:\SETUP.EXE
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {843faa25-5873-11e5-93d6-001986000546} - H:\TLBootstrap_WPP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-09-02]
ShortcutTarget: APC UPS Status.lnk -> D:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2017-11-18]
ShortcutTarget: AutoStart IR.lnk -> D:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2017-11-18]
ShortcutTarget: WinTV Recording Status.lnk -> D:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Ambrosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetworkIndicator.lnk [2015-08-01]
ShortcutTarget: NetworkIndicator.lnk -> C:\Program Files\NetworkIndicator.exe (ITSamples.com)
Startup: C:\Users\Mugsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CacheCleanup2,6.lnk [2017-04-07]
ShortcutTarget: CacheCleanup2,6.lnk -> D:\code\CacheCleanup\CacheCleanup app\bin\Debug\CacheCleanup.exe (Outlaw Web Designs)
Startup: C:\Users\Mugsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-09-30]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Mugsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2017-10-04]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Program Files\T-Clock 2010\x64\tClock.exe (Stoic Joker's Network)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A984ED31-3E66-4EB3-9577-4C934ACE8020}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C503B035-60F1-402C-ABBE-9D9423A101AE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002 -> {A0FD6D0B-D954-49BB-9FD5-E4AEE3A4D136} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-23] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-23] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-12] (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default [2018-03-08]
FF Homepage: Mozilla\Firefox\Profiles\yn7k7xt3.default -> hxxp://www.msnbc.com/rachel-maddow-show
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\ALone-live@ya.ru.xpi [2018-03-08] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2018-03-08] [Legacy]
FF Extension: (Ghostery) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\firefox@ghostery.com.xpi [2017-09-11]
FF Extension: (MEGA EXTENSION) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\firefox@mega.co.nz.xpi [2015-08-14] [Legacy]
FF Extension: (HTML5 Video Everywhere!) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\html5-video-everywhere@lejenome.me.xpi [2017-09-11] [Legacy]
FF Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\iobitascsurfingprotection@iobit.com [2015-06-23] [Legacy] [not signed]
FF Extension: (One Click Proxy) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-12-29] [Legacy]
FF Extension: (No Flash) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\jid1-cplLTTY501TB2Q@jetpack.xpi [2017-09-11] [Legacy]
FF Extension: (Redirector) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\redirector@einaregilsson.com.xpi [2017-09-11]
FF Extension: (Menu Wizard) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\s3menu@wizard.xpi [2017-09-11] [Legacy]
FF Extension: (selectivecookiedelete) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\selectivecookiedelete@siju.mathew [2018-03-08] [Legacy]
FF Extension: (Video WithOut Flash) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\vwof@drev.com.xpi [2017-09-11] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\wrc@avast.com.xpi [2017-11-10]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-08]
FF Extension: (FlashGot) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2018-03-08] [Legacy]
FF Extension: (Stylish) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2018-03-08] [Legacy]
FF Extension: (InFormEnter+) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2018-03-08]
FF Extension: (Download Status Bar) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2017-09-11] [Legacy]
FF Extension: (Shorten URL (bit.ly)) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi [2015-08-10] [Legacy]
FF Extension: (Cookies Manager+) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-09-11] [Legacy]
FF Extension: (Web Developer) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2018-03-08]
FF Extension: (Block site) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-09-11] [Legacy]
FF Extension: (Bitdefender QuickScan) - C:\Users\Ambrosia\AppData\Roaming\Mozilla\Firefox\Profiles\yn7k7xt3.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-09-11] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla\Firefox\plugins\npyaxmpb.dll [2007-03-09] (Yahoo! Inc.)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ocjjmndnbgolapgjhbombaldcmgnidkp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService11; D:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1058080 2017-12-11] (IObit)
R2 APC Data Service; D:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; D:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-04] (AVAST Software)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-04] (AVAST Software)
S3 CLHNServiceForPowerDVD; D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
S4 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [254520 2017-07-27] (Connectify)
S3 CyberLink PowerDVD 11.0 Monitor Service; D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-12] (CyberLink)
R2 EaseUS Agent; D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2017-08-30] (CHENGDU YIWO Tech Development Co., Ltd)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 gadjservice; d:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 HauppaugeTVServer; D:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [581632 2013-05-15] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-07-10] (Olof Lagerkvist)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 IObitUnSvr; D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-29] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
R2 TermService; C:\windows\SysWOW64\termsrv.dll [680960 2011-02-25] (Microsoft Corporation) [File not signed]
R2 VMAuthdService; D:\Program Files (x86)\VMware\vmware-authd.exe [96232 2018-01-08] (VMware, Inc.)
R2 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\VistaSrv.exe [337144 2009-06-04] (Stardock Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () [File not signed]
S3 AndnetBus; C:\windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R1 AppleCharger; C:\windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-04] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-04] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-04] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-04] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-04] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-04] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-04] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-04] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-04] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-04] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-04] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-04] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-04] (AVAST Software)
R3 ATIDACXX; C:\windows\System32\drivers\atidacxx.sys [20224 2005-12-08] (ATI Technologies Inc.)
R3 ATIDDCXX; C:\windows\System32\drivers\atiddcxx.sys [15104 2005-12-08] (ATI Technologies Inc.)
R3 ATIDTUXX; C:\windows\System32\drivers\atidtuxx.sys [89472 2005-12-08] (ATI Technologies Inc.)
R3 ATIDVCXX; C:\windows\System32\drivers\atidvcxx.sys [287488 2005-12-08] (ATI Technologies Inc.)
R3 ATIDXBXX; C:\windows\System32\drivers\atidxbxx.sys [15232 2005-12-08] (ATI Technologies Inc.)
R2 AWEAlloc; C:\windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
S3 bcbtums; C:\windows\System32\drivers\bcbtums.sys [172760 2014-09-20] (Broadcom Corporation.)
S3 BthAudioHF; C:\windows\System32\DRIVERS\BthAudioHF.sys [52224 2009-12-21] (CSR, plc) [File not signed]
R1 cfywlan1; C:\windows\System32\DRIVERS\cfywlan1.sys [36736 2017-04-15] (Connectify)
R1 cnnctfy3; C:\windows\System32\DRIVERS\cnnctfy3.sys [43872 2017-04-15] (Connectify)
S3 cpuz137; D:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R3 cpuz143; C:\windows\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-08] (CPUID)
S3 csr_a2dp; C:\windows\System32\drivers\bthav.sys [78848 2009-12-21] (CSR, plc) [File not signed]
S3 dtlitescsibus; C:\windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-27] (Disc Soft Ltd)
S3 dtliteusbbus; C:\windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-03-21] (Disc Soft Ltd)
R3 e1dexpress; C:\windows\System32\DRIVERS\e1d62x64.sys [536560 2018-03-03] (Intel Corporation)
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [53240 2016-12-06] ()
R3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [215608 2016-08-22] (GenesysLogic)
R1 GsRamDsk; C:\windows\System32\DRIVERS\GsRamDsk.sys [55288 2014-08-13] ()
S3 GVTDrv64; C:\windows\GVTDrv64.sys [30528 2017-06-10] ()
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [31712 2018-03-03] (Intel Corporation)
R2 ImDisk; C:\windows\System32\DRIVERS\imdisk.sys [42560 2014-07-10] (Olof Lagerkvist)
R3 iobit_monitor_server; D:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 IUFileFilter; D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [22416 2018-01-11] (IObit.com)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [201296 2018-03-03] (Intel Corporation)
R2 ntk_PowerDVD; D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2013-08-06] (Cyberlink Corp.)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [50624 2018-03-03] (NVIDIA Corporation)
S3 RAMDiskVE; C:\windows\System32\Drivers\RAMDiskVE.sys [73040 2012-09-06] (Dataram, Inc.)
S3 RtlWlanu; C:\windows\System32\DRIVERS\rtwlanu.sys [3409112 2016-03-10] (Realtek Semiconductor Corporation )
R0 SmartDefragDriver; C:\windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2018-03-03] (Synaptics Incorporated)
R1 SPVDPort; C:\windows\System32\DRIVERS\spvdbus.sys [92152 2014-09-04] ()
R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [340984 2014-09-04] ()
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
R1 UsbCharger; C:\windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [146624 2018-02-26] (Oracle Corporation)
R0 vsock; C:\windows\System32\DRIVERS\vsock.sys [93248 2017-09-05] (VMware, Inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 esihdrv; \??\C:\Users\Mugsy\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 EUBAKUP0; \??\C:\windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\windows\system32\drivers\EUFDDISK0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 13:00 - 2018-03-08 13:00 - 000043338 _____ C:\sfcdetails.txt
2018-03-08 13:00 - 2018-03-08 13:00 - 000000000 ____D C:\FRST
2018-03-08 12:55 - 2018-03-08 12:55 - 000262616 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_12.55.31_log.txt
2018-03-08 12:53 - 2018-03-08 12:53 - 000000366 _____ C:\TDSSKiller.3.1.0.12_08.03.2018_12.53.43_log.txt
2018-03-08 12:52 - 2018-03-08 12:53 - 000000000 ____D C:\Users\Ambrosia\AppData\LocalLow\Mozilla
2018-03-08 12:52 - 2018-03-08 12:52 - 000000366 _____ C:\TDSSKiller.3.1.0.12_08.03.2018_12.52.22_log.txt
2018-03-08 12:09 - 2018-03-08 12:09 - 000000000 ____D C:\SFCFix
2018-03-08 11:40 - 2018-03-08 12:09 - 000000000 ____D C:\Users\Mugsy\AppData\Local\niemiro
2018-03-08 06:08 - 2018-03-08 06:08 - 000000688 _____ C:\windows\Tasks\McAfee Cleanup.job
2018-03-06 15:48 - 2018-03-06 16:38 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-06 15:48 - 2018-03-06 15:48 - 000000000 ____D C:\ProgramData\MB2Migration
2018-03-06 15:47 - 2018-03-06 15:47 - 000030722 _____ C:\ProgramData\agent.uninstall.1520372872.bdinstall.bin
2018-03-06 15:46 - 2018-03-06 15:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-03-06 15:43 - 2018-03-06 15:43 - 000048807 _____ C:\ProgramData\agent.1520372623.bdinstall.bin
2018-03-06 12:28 - 2018-03-06 12:28 - 001086165 _____ C:\Users\Mugsy\AppData\Local\census.cache
2018-03-06 12:27 - 2018-03-06 12:27 - 000535491 _____ C:\Users\Mugsy\AppData\Local\ars.cache
2018-03-06 11:58 - 2018-03-06 11:58 - 000000010 _____ C:\Users\Mugsy\AppData\Local\sponge.last.runtime.cache
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\windows\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-06 11:51 - 2018-03-06 11:51 - 000000036 _____ C:\Users\Mugsy\AppData\Local\housecall.guid.cache
2018-03-06 11:51 - 2017-10-17 10:40 - 000334488 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2018-03-06 08:43 - 2018-03-06 10:39 - 001273488 _____ C:\windows\ntbtlog.txt
2018-03-04 12:06 - 2018-03-04 12:06 - 000000017 _____ C:\Users\Mugsy\AppData\Local\resmon.resmoncfg
2018-03-04 07:48 - 2018-03-04 06:55 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-03 11:07 - 2018-03-03 11:07 - 000000000 ____D C:\Users\Ambrosia\AppData\Local\Disc_Soft_Ltd
2018-03-03 11:00 - 2018-01-11 01:25 - 000041512 _____ C:\windows\system32\Drivers\semav6msr64.sys
2018-03-03 10:52 - 2018-03-03 10:52 - 001804688 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2018-03-03 10:52 - 2018-03-03 10:52 - 000051808 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
2018-03-03 10:47 - 2018-03-03 10:47 - 000226760 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2018-03-03 10:47 - 2018-03-03 10:47 - 000045600 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2018-03-03 10:46 - 2018-03-03 10:46 - 000050624 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2018-03-03 10:31 - 2018-03-03 10:31 - 040269624 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 035278136 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 035179080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 027856456 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 019796008 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 019677112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 017303112 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2018-03-03 10:31 - 2018-03-03 10:31 - 016450056 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 013430632 _____ (NVIDIA Corporation) C:\windows\system32\nvptxJitCompiler.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 012842984 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 011015584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvptxJitCompiler.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 010900248 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 003902448 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 003432944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 001975184 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6439065.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 001674544 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6439065.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 001469952 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorA.sys
2018-03-03 10:31 - 2018-03-03 10:31 - 001134952 _____ (NVIDIA Corporation) C:\windows\system32\nvfatbinaryLoader.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 001125688 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 001054512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000988144 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000939504 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000885680 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvfatbinaryLoader.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000824848 _____ (Intel Corporation) C:\windows\system32\Drivers\iusb3xhc.sys
2018-03-03 10:31 - 2018-03-03 10:31 - 000616240 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000528312 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000506672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000447424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000407064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000171896 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000154208 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000149736 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000132072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2018-03-03 10:31 - 2018-03-03 10:31 - 000031712 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorF.sys
2018-03-03 10:31 - 2018-03-03 10:31 - 000000669 _____ C:\windows\SysWOW64\nv-vk32.json
2018-03-03 10:31 - 2018-03-03 10:31 - 000000669 _____ C:\windows\system32\nv-vk64.json
2018-03-03 10:31 - 2018-03-03 10:31 - 000000000 ____D C:\windows\system32\Drivers\NVIDIA Corporation
2018-03-03 10:30 - 2018-03-03 10:30 - 000201296 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys
2018-03-03 10:23 - 2018-03-03 10:23 - 000536560 _____ (Intel Corporation) C:\windows\system32\Drivers\e1d62x64.sys
2018-03-03 10:23 - 2018-03-03 10:23 - 000100336 _____ (Intel Corporation) C:\windows\system32\NicInstD.dll
2018-03-03 10:23 - 2018-03-03 10:23 - 000089584 _____ (Intel Corporation) C:\windows\system32\e1dmsg.dll
2018-03-03 10:23 - 2018-03-03 10:23 - 000003130 _____ C:\windows\system32\e1d62x64.din
2018-03-03 08:15 - 2018-03-03 08:28 - 000000000 ____D C:\Program Files\Oracle
2018-03-02 12:57 - 2018-03-02 12:57 - 000000000 ____D C:\windows\SysWOW64\directx
2018-03-02 08:18 - 2018-03-02 08:18 - 000000463 _____ C:\Users\Mugsy\Desktop\Goebbels learned PR from us.txt
2018-03-01 21:10 - 2018-03-01 21:10 - 000000680 _____ C:\Users\Mugsy\Desktop\2nd Amendment.txt
2018-02-28 08:08 - 2018-02-28 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBrain
2018-02-28 08:08 - 2018-02-28 08:08 - 000000000 ____D C:\Archive
2018-02-26 16:45 - 2018-02-26 16:45 - 000213632 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetLwf.sys
2018-02-26 16:45 - 2018-02-26 16:45 - 000203328 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp6.sys
2018-02-26 16:45 - 2018-02-26 16:45 - 000146624 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSB.sys
2018-02-26 08:42 - 2018-02-26 08:42 - 000000784 _____ C:\Users\Public\Desktop\VMware Workstation 14 Player.lnk
2018-02-26 08:42 - 2018-01-08 02:14 - 000402408 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2018-02-26 08:42 - 2018-01-08 02:14 - 000367080 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2018-02-26 08:42 - 2018-01-08 02:14 - 000134104 _____ (VMware, Inc.) C:\windows\system32\vnetinst.dll
2018-02-26 08:42 - 2018-01-08 02:14 - 000046040 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnet.sys
2018-02-26 08:42 - 2018-01-08 02:14 - 000043992 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2018-02-26 08:42 - 2018-01-08 02:02 - 000096176 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2018-02-26 08:42 - 2017-11-07 12:11 - 000082896 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2018-02-26 08:42 - 2017-09-05 04:54 - 000093248 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2018-02-26 08:42 - 2017-09-05 04:54 - 000069104 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2018-02-26 08:42 - 2017-09-05 04:54 - 000065008 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2018-02-25 13:25 - 2018-02-25 13:27 - 007914600 _____ (Tim Kosse) C:\Users\Mugsy\Downloads\FileZilla_3.31.0_win64-setup.exe
2018-02-24 11:43 - 2018-03-02 16:13 - 000000000 ____D C:\Users\Mugsy\Documents\Brains
2018-02-24 11:43 - 2018-02-24 11:46 - 000000000 ____D C:\Users\Mugsy\AppData\Local\TheBrain
2018-02-24 11:42 - 2018-02-28 08:08 - 000002535 _____ C:\Users\Public\Desktop\TheBrain 9.lnk
2018-02-24 11:42 - 2018-02-24 11:42 - 000000000 ____D C:\Program Files (x86)\TheBrain
2018-02-24 07:20 - 2018-02-24 07:20 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-02-23 18:06 - 2018-03-04 06:55 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-02-23 15:00 - 2018-02-23 15:01 - 000000302 _____ C:\Users\Mugsy\Documents\Default Body
2018-02-20 18:05 - 2018-02-22 11:02 - 000002191 _____ C:\Users\Mugsy\Desktop\amazing dissonance.txt
2018-02-16 15:44 - 2018-02-16 15:44 - 000001167 _____ C:\Users\Mugsy\Desktop\EasyVideo Download.lnk
2018-02-16 15:21 - 2018-02-16 15:46 - 000000000 ____D C:\Users\Mugsy\dwhelper
2018-02-13 15:21 - 2018-01-12 10:46 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-02-13 15:21 - 2018-01-12 10:44 - 005581544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-02-13 15:21 - 2018-01-12 10:44 - 001894120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-02-13 15:21 - 2018-01-12 10:44 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-02-13 15:21 - 2018-01-12 10:44 - 000377064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2018-02-13 15:21 - 2018-01-12 10:44 - 000371432 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2018-02-13 15:21 - 2018-01-12 10:44 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-02-13 15:21 - 2018-01-12 10:44 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-02-13 15:21 - 2018-01-12 10:44 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-02-13 15:21 - 2018-01-12 10:44 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-02-13 15:21 - 2018-01-12 10:40 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000484864 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:33 - 001665384 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-02-13 15:21 - 2018-01-12 10:29 - 004014312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-02-13 15:21 - 2018-01-12 10:29 - 003959016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-02-13 15:21 - 2018-01-12 10:27 - 004834816 _____ (Microsoft Corporation) C:\windows\system32\xpsrchvw.exe
2018-02-13 15:21 - 2018-01-12 10:27 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 10:16 - 003405824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xpsrchvw.exe
2018-02-13 15:21 - 2018-01-12 10:16 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2018-02-13 15:21 - 2018-01-12 10:16 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2018-02-13 15:21 - 2018-01-12 10:15 - 000032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-02-13 15:21 - 2018-01-12 10:11 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-02-13 15:21 - 2018-01-12 10:11 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-02-13 15:21 - 2018-01-12 10:11 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-02-13 15:21 - 2018-01-12 10:10 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-02-13 15:21 - 2018-01-12 10:07 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-02-13 15:21 - 2018-01-12 10:06 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-02-13 15:21 - 2018-01-12 10:03 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-02-13 15:21 - 2018-01-12 10:02 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-02-13 15:21 - 2018-01-12 10:02 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-02-13 15:21 - 2018-01-12 10:02 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-02-13 15:21 - 2018-01-12 10:01 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-02-13 15:21 - 2018-01-12 10:01 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-02-13 15:21 - 2018-01-12 09:57 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-02-13 15:21 - 2018-01-12 09:57 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-02-13 15:21 - 2018-01-12 09:57 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-02-13 15:21 - 2018-01-12 09:57 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-02-13 15:21 - 2018-01-12 09:57 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-02-13 15:21 - 2018-01-12 09:56 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 09:56 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 09:56 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 15:21 - 2018-01-12 09:56 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-13 15:21 - 2018-01-11 10:41 - 001133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2018-02-13 15:21 - 2018-01-11 10:22 - 000805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2018-02-13 15:21 - 2018-01-11 10:09 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-02-13 15:21 - 2018-01-05 10:31 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-02-13 15:21 - 2018-01-05 10:31 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2018-02-13 15:21 - 2018-01-05 10:30 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-02-13 15:21 - 2018-01-05 10:30 - 000046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2018-02-13 15:21 - 2018-01-05 10:30 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2018-02-13 15:21 - 2018-01-05 10:25 - 000383720 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2018-02-13 15:21 - 2018-01-05 10:14 - 000309480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2018-02-13 15:21 - 2018-01-05 10:11 - 000111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-02-13 15:21 - 2018-01-05 10:11 - 000071168 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-02-13 15:21 - 2018-01-05 10:11 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2018-02-13 15:21 - 2018-01-05 10:11 - 000010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2018-02-13 15:21 - 2018-01-05 09:50 - 000034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2018-02-13 15:21 - 2017-12-31 20:21 - 001680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2018-02-13 15:21 - 2017-12-31 20:21 - 000948968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-02-13 15:21 - 2017-12-31 20:21 - 000288488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys
2018-02-13 15:21 - 2017-12-31 20:21 - 000213736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdyboost.sys
2018-02-13 15:21 - 2017-12-31 20:21 - 000114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2018-02-13 15:21 - 2017-12-31 20:18 - 014183936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 002066432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 002004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 001942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 001867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 001741312 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 001110528 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000977408 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000961024 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000863232 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2018-02-13 15:21 - 2017-12-31 20:18 - 000842752 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000828928 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000705024 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2018-02-13 15:21 - 2017-12-31 20:18 - 000512000 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000473600 _____ (Microsoft Corporation) C:\windows\system32\taskcomp.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000439296 _____ (Microsoft Corporation) C:\windows\system32\p2psvc.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000366592 _____ (Microsoft Corporation) C:\windows\system32\wcncsvc.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000327168 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2018-02-13 15:21 - 2017-12-31 20:18 - 000303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000264704 _____ (Microsoft Corporation) C:\windows\system32\P2P.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000223232 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000120320 _____ (Microsoft Corporation) C:\windows\system32\WcnApi.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\icfupgd.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000101376 _____ (Microsoft Corporation) C:\windows\system32\fdWCN.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000095744 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\rasdiag.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\ndptsp.tsp
2018-02-13 15:21 - 2017-12-31 20:18 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\kmddsp.tsp
2018-02-13 15:21 - 2017-12-31 20:18 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\rasmxs.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000039424 _____ (Microsoft Corporation) C:\windows\system32\traffic.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\rasser.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\WcnEapPeerProxy.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000024064 _____ (Microsoft Corporation) C:\windows\system32\WcnEapAuthProxy.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000016896 _____ (Microsoft Corporation) C:\windows\system32\wshqos.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wshnetbs.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2018-02-13 15:21 - 2017-12-31 20:18 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2018-02-13 15:21 - 2017-12-31 20:04 - 000559616 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2018-02-13 15:21 - 2017-12-31 20:00 - 012880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 001417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 001390080 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000463360 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000304640 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskcomp.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000276992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wcncsvc.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000217600 _____ (Microsoft Corporation) C:\windows\SysWOW64\P2P.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2018-02-13 15:21 - 2017-12-31 20:00 - 000162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\fdWCN.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasdiag.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\ndptsp.tsp
2018-02-13 15:21 - 2017-12-31 20:00 - 000033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\traffic.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2018-02-13 15:21 - 2017-12-31 20:00 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2018-02-13 15:21 - 2017-12-31 19:59 - 001806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-02-13 15:21 - 2017-12-31 19:59 - 000309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-02-13 15:21 - 2017-12-31 19:55 - 000131584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pacer.sys
2018-02-13 15:21 - 2017-12-31 19:55 - 000088576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2018-02-13 15:21 - 2017-12-31 19:55 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2018-02-13 15:21 - 2017-12-31 19:55 - 000045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbios.sys
2018-02-13 15:21 - 2017-12-31 19:55 - 000024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys
2018-02-13 15:21 - 2017-12-31 19:54 - 000077312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2018-02-13 15:21 - 2017-12-31 19:50 - 000455680 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2018-02-13 15:21 - 2017-12-31 19:43 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcnApi.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000038912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kmddsp.tsp
2018-02-13 15:21 - 2017-12-31 19:43 - 000033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasmxs.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000022528 _____ (Microsoft Corporation) C:\windows\SysWOW64\rasser.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000020480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcnEapPeerProxy.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000019968 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcnEapAuthProxy.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2018-02-13 15:21 - 2017-12-31 19:43 - 000013824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshqos.dll
2018-02-13 15:21 - 2017-12-31 19:42 - 000460288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2018-02-13 15:21 - 2017-12-31 19:42 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-02-13 15:21 - 2017-12-31 19:42 - 000168448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-02-13 15:21 - 2017-12-31 19:41 - 000754176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2018-02-13 15:21 - 2017-12-31 19:41 - 000106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2018-02-13 15:21 - 2017-12-31 19:41 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2018-02-13 15:21 - 2017-12-21 00:27 - 000634312 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-02-13 15:21 - 2017-12-05 11:36 - 001484288 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000625664 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000250880 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000218112 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\TabSvc.dll
2018-02-13 15:21 - 2017-12-05 11:36 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\WcsPlugInService.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 001176576 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000481792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2018-02-13 15:21 - 2017-12-05 11:08 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2018-02-13 15:21 - 2017-12-05 10:04 - 000404992 _____ (Microsoft Corporation) C:\windows\system32\wisptis.exe
2018-02-13 15:21 - 2017-12-05 09:49 - 000032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcsPlugInService.dll
2018-02-11 20:31 - 2017-12-27 15:41 - 000001197 _____ C:\Users\Mugsy\Desktop\txx_encode.lnk
2018-02-11 20:31 - 2017-12-27 15:41 - 000001197 _____ C:\Users\Mugsy\Desktop\txx_decode.lnk
2018-02-11 20:29 - 2018-01-03 17:04 - 000002095 _____ C:\Users\Mugsy\Desktop\LiveTV.lnk
2018-02-11 19:15 - 2017-11-07 10:31 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2018-02-11 19:15 - 2017-11-07 10:13 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2018-02-11 19:15 - 2017-11-04 09:31 - 000194048 _____ (Microsoft Corporation) C:\windows\system32\itircl.dll
2018-02-11 19:15 - 2017-11-04 09:31 - 000170496 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2018-02-11 19:15 - 2017-11-04 09:10 - 000158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\itircl.dll
2018-02-11 19:15 - 2017-11-04 09:10 - 000142336 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2018-02-11 19:15 - 2017-11-02 10:55 - 000281600 _____ (Microsoft Corporation) C:\windows\system32\iprtrmgr.dll
2018-02-11 19:15 - 2017-11-02 10:55 - 000138240 _____ (Microsoft Corporation) C:\windows\system32\rtm.dll
2018-02-11 19:15 - 2017-11-02 10:55 - 000097792 _____ (Microsoft Corporation) C:\windows\system32\mprdim.dll
2018-02-11 19:15 - 2017-11-02 10:55 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\iprtprio.dll
2018-02-11 19:15 - 2017-11-02 09:11 - 000271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\iprtrmgr.dll
2018-02-11 19:15 - 2017-11-02 09:11 - 000115200 _____ (Microsoft Corporation) C:\windows\SysWOW64\rtm.dll
2018-02-11 19:15 - 2017-11-02 09:11 - 000075264 _____ (Microsoft Corporation) C:\windows\SysWOW64\mprdim.dll
2018-02-11 19:15 - 2017-11-02 08:56 - 000008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iprtprio.dll
2018-02-11 19:15 - 2017-10-16 17:04 - 001001984 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2018-02-11 19:15 - 2017-10-16 16:46 - 000953344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2018-02-11 19:15 - 2017-10-11 18:20 - 000317440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-08 13:00 - 2015-01-06 16:11 - 000000000 ____D C:\Users\Ambrosia\AppData\Roaming\Skype
2018-03-08 12:57 - 2015-08-03 14:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-08 12:57 - 2014-08-13 18:47 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\windows\gdrv.sys
2018-03-08 12:56 - 2015-07-30 04:53 - 000000000 ____D C:\Users\Ambrosia\AppData\Roaming\POP Peeper
2018-03-08 12:56 - 2014-12-13 08:28 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\Skype
2018-03-08 12:52 - 2014-07-16 18:17 - 000000000 ____D C:\Users\Ambrosia\AppData\Roaming\Mozilla
2018-03-08 12:50 - 2017-03-21 18:10 - 000000000 ____D C:\Users\Mugsy\AppData\LocalLow\Mozilla
2018-03-08 12:22 - 2009-07-13 22:45 - 000022784 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-08 12:22 - 2009-07-13 22:45 - 000022784 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-08 12:20 - 2009-07-13 23:13 - 000826828 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-08 12:20 - 2009-07-13 21:20 - 000000000 ____D C:\windows\inf
2018-03-08 12:14 - 2013-11-19 12:08 - 000000000 ____D C:\ProgramData\VMware
2018-03-08 12:14 - 2009-07-13 23:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-08 12:14 - 2009-07-13 21:20 - 000000000 ____D C:\windows\registration
2018-03-08 12:13 - 2014-09-03 12:27 - 000088111 _____ C:\windows\SysWOW64\PCPELog.txt
2018-03-08 12:07 - 2016-03-17 05:13 - 000000000 ____D C:\.Trash-1000
2018-03-08 08:48 - 2014-06-09 06:44 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\POP Peeper
2018-03-08 06:46 - 2013-11-16 19:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-07 05:45 - 2017-11-21 08:54 - 000001164 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk
2018-03-06 22:18 - 2015-01-07 15:28 - 000000000 ____D C:\Users\Public\AppData\Local\OysterMug
2018-03-06 22:00 - 2014-06-11 18:35 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\tixati
2018-03-06 18:19 - 2016-03-29 16:50 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-06 16:38 - 2014-04-15 15:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-06 07:02 - 2014-06-13 05:24 - 000000000 ____D C:\Users\Mugsy\AppData\Local\VMware
2018-03-06 06:55 - 2014-06-13 05:24 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\VMware
2018-03-05 20:30 - 2013-11-19 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtualization
2018-03-05 20:28 - 2015-08-03 14:15 - 000000000 ____D C:\Users\Mugsy
2018-03-05 20:26 - 2017-11-27 12:20 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\Notepad++
2018-03-05 20:26 - 2015-08-03 17:03 - 000000000 ____D C:\windows\Minidump
2018-03-05 20:26 - 2015-08-03 14:15 - 000000000 ____D C:\Users\Ambrosia
2018-03-05 20:26 - 2014-06-09 15:16 - 000000000 ____D C:\Users\Mugsy\AppData\LocalLow\IObit
2018-03-05 20:26 - 2014-06-09 15:15 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\IObit
2018-03-05 20:26 - 2014-06-09 05:13 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\Q-Dir
2018-03-05 20:26 - 2013-11-16 10:15 - 000000000 ____D C:\ProgramData\IObit
2018-03-05 20:26 - 2013-11-15 15:15 - 000000000 ____D C:\ProgramData\ProductData
2018-03-05 20:26 - 2009-07-13 21:20 - 000000000 ____D C:\windows\system32\Msdtc
2018-03-05 16:09 - 2017-03-25 06:05 - 000000000 ____D C:\Users\Mugsy\Documents\Visual Studio 2017
2018-03-05 09:29 - 2014-09-22 07:13 - 000000000 ____D C:\Users\Mugsy\AppData\Local\CrashDumps
2018-03-05 09:29 - 2014-06-09 06:42 - 000000000 ___RD C:\Users\Mugsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2018-03-05 09:29 - 2013-11-14 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2018-03-05 09:09 - 2014-06-11 04:39 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2018-03-04 23:18 - 2014-06-09 08:21 - 000000000 ____D C:\Users\Mugsy\AppData\Roaming\FileZilla
2018-03-04 10:39 - 2013-11-16 21:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-04 07:46 - 2015-08-14 09:01 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-04 06:55 - 2017-11-10 07:12 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-04 06:55 - 2017-03-21 12:49 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-04 06:55 - 2017-03-21 12:49 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-04 06:55 - 2017-03-21 12:49 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-04 06:55 - 2017-03-21 12:49 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-04 06:55 - 2015-08-14 09:01 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-03 11:30 - 2014-08-15 04:44 - 000000000 ____D C:\windows\pss
2018-03-03 11:25 - 2014-06-08 06:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-03 11:25 - 2014-06-08 06:00 - 000000000 ____D C:\Program Files\Intel
2018-03-03 11:24 - 2014-06-08 06:13 - 000000000 ____D C:\ProgramData\Intel
2018-03-03 11:18 - 2017-10-05 05:16 - 000352919 _____ C:\windows\Minidump\030318-5413-01.dmp
2018-03-03 11:07 - 2015-07-30 04:51 - 000000000 ____D C:\Users\Ambrosia\AppData\Roaming\DAEMON Tools Lite
2018-03-03 11:06 - 2017-07-24 05:07 - 000000000 ___RD C:\Users\Ambrosia\Virtual Machines
2018-03-03 10:47 - 2017-11-09 05:01 - 001682288 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco6420103.dll
2018-03-03 10:32 - 2017-12-09 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-03-03 10:32 - 2015-08-03 14:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-03 10:31 - 2017-03-21 15:26 - 022573984 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 018730328 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 015408072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 004375648 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 003874728 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 000492048 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2018-03-03 10:31 - 2017-03-21 15:26 - 000045386 _____ C:\windows\system32\nvinfo.pb
2018-03-03 08:28 - 2015-08-18 12:35 - 000000000 ____D C:\Users\Mugsy\.VirtualBox
2018-03-02 16:37 - 2014-04-01 04:40 - 000017142 _____ C:\Program Files\DesktopOK.ini
2018-03-02 09:52 - 2017-09-18 09:51 - 000000000 ____D C:\Users\Mugsy\AppData\LocalLow\Illusion
2018-02-26 08:42 - 2015-08-03 14:35 - 000841580 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-02-26 05:54 - 2017-09-19 07:35 - 000001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2018-02-26 05:54 - 2014-11-24 20:50 - 000001176 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-02-18 07:19 - 2017-08-06 06:04 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-02-18 07:19 - 2017-08-06 06:04 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-18 07:19 - 2014-06-09 08:09 - 000000000 ____D C:\windows\system32\Macromed
2018-02-18 07:18 - 2014-07-15 13:48 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Adobe
2018-02-18 07:18 - 2014-06-09 08:09 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-02-18 06:17 - 2014-03-20 19:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-15 18:29 - 2009-07-13 21:20 - 000000000 ____D C:\windows\rescache
2018-02-15 06:58 - 2017-03-21 15:35 - 000000000 ____D C:\Users\Mugsy\AppData\Local\NVIDIA
2018-02-14 06:32 - 2017-07-15 07:24 - 000000000 ___RD C:\Users\Mugsy\Virtual Machines
2018-02-14 06:31 - 2009-07-13 22:45 - 001038328 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-14 06:28 - 2014-06-09 20:12 - 000000000 ____D C:\windows\system32\MRT
2018-02-14 06:26 - 2017-10-12 04:37 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-02-14 06:26 - 2015-08-03 15:21 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-02-12 12:42 - 2015-08-27 12:47 - 000097344 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-02-12 12:42 - 2015-07-30 09:11 - 000000000 ____D C:\Program Files (x86)\Java
2018-02-12 09:00 - 2017-03-22 10:34 - 000004186 _____ C:\windows\System32\Tasks\Streaming Talk Radio
2018-02-12 07:33 - 2009-07-13 21:20 - 000000000 ____D C:\windows\SysWOW64\Setup
2018-02-12 07:33 - 2009-07-13 21:20 - 000000000 ____D C:\windows\system32\Setup

==================== Files in the root of some directories =======

2014-04-01 04:40 - 2018-03-02 16:37 - 000017142 _____ () C:\Program Files\DesktopOK.ini
2011-05-02 16:19 - 2014-02-11 19:51 - 000354304 _____ (Nenad Hrg SoftwareOK) C:\Program Files\DesktopOK_x64.exe
2010-10-25 18:41 - 2013-11-14 12:01 - 000344064 _____ (ITSamples.com) C:\Program Files\NetworkIndicator.exe
2012-12-19 21:24 - 2014-07-14 13:24 - 000061440 _____ (Ayoma) C:\Program Files (x86)\Ayoma Folder Kisser.exe
2015-08-05 20:26 - 2015-08-05 20:27 - 000000029 _____ () C:\Program Files (x86)\Common Files\appop.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2018-02-27 16:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Ambrosia (08-03-2018 13:01:04)
Running from D:\Install
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-03 20:30:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2748314351-3383516761-2200278533-500 - Administrator - Disabled)
Ambrosia (S-1-5-21-2748314351-3383516761-2200278533-1002 - Administrator - Enabled) => C:\Users\Ambrosia
Guest (S-1-5-21-2748314351-3383516761-2200278533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2748314351-3383516761-2200278533-1010 - Limited - Enabled)
Mugsy (S-1-5-21-2748314351-3383516761-2200278533-1000 - Administrator - Enabled) => C:\Users\Mugsy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0703.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B13.0703.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
1Click DVD Copy Pro 5.0.1.4 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version: - LG Software Innovations)
3DMark (HKLM\...\{5B6A2B8B-2310-4404-A137-29163C554B7A}) (Version: 1.2.362.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{38f32cea-14ce-4349-882e-8779bcd45e5c}) (Version: 1.2.362.0 - Futuremark)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.5 - Futuremark Corporation)
3DMark03 (HKLM-x32\...\{FF35F637-72B9-43BE-A281-06EB2854393A}) (Version: 3.6.2 - Futuremark Corporation)
3DMark05 (HKLM-x32\...\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}) (Version: 1.3.2 - Futuremark Corporation)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
AC-3 ACM Codec x64 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
Active@ File Recovery 14 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 14 - LSoft Technologies Inc)
Active@ Partition Recovery 12 (HKLM\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 12 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CC 2015 (32 Bit) (HKLM-x32\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Installer 11.2.1 (HKLM-x32\...\{3846E16D-FF3B-4B16-B08F-5A42C736AB65}) (Version: 11.2.1 - Caphyon)
Advanced Installer 12.4.1 (HKLM-x32\...\{9E2D1AC4-11C8-4764-83B8-ADE62BC5E629}) (Version: 12.4.1 - Caphyon)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.0.3 - IObit)
Aliens vs Predator D3D11 Benchmark V1.03 (HKLM-x32\...\{CC72E6E8-CFFF-43B4-A9BE-C227C088EE95}) (Version: 1.03.0000 - Rebellion)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0414 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0414 - Gigabyte)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Mover (x64) (HKLM\...\Application Mover (x64)_is1) (Version: 4.3 - Funduc Software Inc.)
Application Verifier x64 External Package (HKLM\...\{01C2C51F-B0CF-BB5E-A010-E927D44F7720}) (Version: 10.1.15063.137 - Microsoft) Hidden
Artificial Girl 3 (HKLM-x32\...\{82B3FA5A-7B4F-446D-B6A0-9CE9C361979E}) (Version: 1.50 - Illusion Software)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Avira UnErase Personal (HKLM-x32\...\Avira UnErase Personal) (Version: - )
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
BUSB B13.0508.1 (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.00.0000 - GIGABYTE)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Chicken Invaders 5 - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Connectify 2017 (HKLM\...\Connectify) (Version: 2017.4.5.38776 - Connectify)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version: - )
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version: - )
CrystalDiskInfo 6.1.14 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.5012.58 - CyberLink Corp.)
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Diablo) (Version: - )
Diablo No-CD Loader (HKLM-x32\...\{1AAB4E62-4985-4AB4-B82F-6A27E2F6BCE9}_is1) (Version: 1.2.1 - RealityRipple Software)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version: - )
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
EaseUS Todo Backup Home 10.6 Trial (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.6 - CHENGDU YIWO Tech Development Co., Ltd)
Easy2Convert PNG to DDS 2.2 (HKLM-x32\...\{C8F8021F-32E0-455B-921A-1C9E2552BE52}_is1) (Version: 2.2 - Easy2Convert Software)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.0626 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.0626 - GIGABYTE)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
EPSON Artisan 720 Series Printer Uninstall (HKLM\...\EPSON Artisan 720 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version: - )
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version: - )
FaceGen Customizer 1.3 (HKLM-x32\...\{67A7DEEA-AFA8-457B-A4DC-7433B5ED3672}) (Version: 1.3.1 - Singular Inversions)
FaceGen Modeller 3.5 (HKLM-x32\...\{378C3E39-DECB-48BB-8BE1-B42791B3E625}) (Version: 3.5.3 - Singular Inversions Inc.)
FileSearchEX (HKLM-x32\...\FileSearchEX) (Version: 1.0.9.4 - GOFF Concepts LLC)
FileZilla Client 3.31.0 (HKLM-x32\...\FileZilla Client) (Version: 3.31.0 - Tim Kosse)
FinalRecovery 1.22 (HKLM-x32\...\FinalRecovery_is1) (Version: - )
Free Video Call Recorder for Skype version 1.2.28.525 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.28.525 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Futuremark SystemInfo (HKLM-x32\...\{85F94959-7098-4B55-9F39-27D880FE5BA1}) (Version: 5.1.620.0 - Futuremark)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
GFXBench GL (HKLM-x32\...\GFXBench GL) (Version: 4.0.13 - Kishonti Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31161 (CD 2.8a) - Hauppauge Computer Works)
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
ILLUSION プレイクラブ (HKLM-x32\...\{EDA7A566-434A-4784-AE98-74AFA46A2485}) (Version: 1.00.0000 - ILLUSION)
ImageMagick 7.0.7-0 Q16 (32-bit) (2017-09-03) (HKLM-x32\...\ImageMagick 7.0.7 Q16 (32-bit)_is1) (Version: 7.0.7 - ImageMagick Studio LLC)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.3.72.0 (HKLM\...\PROSetDX) (Version: 18.3.72.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.3.0.13 - IObit)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0275DC52-C83E-3142-D2EF-70877F885663}) (Version: 10.0.26624 - Microsoft) Hidden
K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
KWorld ATSC BDA Drivers (HKLM-x32\...\KWorld ATSC BDA Drivers_is1) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
Leawo Blu-ray Player version 1.9.5.0 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.5.0 - Leawo Software)
LG Mobile Drivers (HKLM-x32\...\{C3C008A7-D4A5-4E19-B0D6-72043D6EFE34}) (Version: 4.2.0 - LG Electronics)
LibreOffice 5.2.5.1 (HKLM-x32\...\{79CD8EA1-DEB1-4582-9E41-8634223BDCD4}) (Version: 5.2.5.1 - The Document Foundation)
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.0 - Hermann Schinagl)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
MadOnion.com/3DMark2001 SE (HKLM-x32\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version: - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
MediaCoder x64 0.8.37.5770 (HKLM\...\MediaCoder x64) (Version: 0.8.37.5770 - Mediatronic)
MediaInfo 0.7.70 (HKLM\...\MediaInfo) (Version: 0.7.70 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microangelo 5.5 (HKLM-x32\...\Microangelo 5.0) (Version: - )
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30642.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
MKVToolNix 8.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.4.0 - Moritz Bunkus)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Channel Logos (HKLM\...\{89D880D9-0525-4D01-AA3A-48B91F35E27A}) (Version: 2.06 - My Channel Logos)
My ViewPad (HKLM-x32\...\My ViewPad_is1) (Version: 4.1 - fCoder Group, Inc.)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NTFS Undelete v0.93 (HKLM-x32\...\NTFS Undelete_is1) (Version: 0.93 - Atola Technology)
NTLite v1.0.0.3477 (HKLM\...\NTLite_is1) (Version: 1.0.0.3477 - Dino Nuhagic)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
OutfitSwapper2 (HKLM-x32\...\{B45224B0-00EC-4F69-9B93-16A36595A691}) (Version: 2.0.0 - OysterMug Productions)
OutRun2006 Coast 2 Coast (HKLM-x32\...\{839911F0-D9CB-400F-AE78-5D8264F38C42}) (Version: 1.00.0000 - Sega)
OysterMug's Voiceset Creator (HKLM-x32\...\{30C94C3E-85E8-4019-9BD5-36D72239CBA1}) (Version: 2.0.0 - OysterMug Productions)
OysterMug's Voiceset Installer (HKLM-x32\...\{74ED1C46-8ADE-4F50-8B0E-D60ECB405023}) (Version: 3.0 - OysterMug Productions)
Paint Shop Pro 6.0 (CD-ROM) (HKLM-x32\...\Paint Shop Pro 6.0) (Version: - )
Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
PCMark 8 (HKLM\...\{1C105B2F-E38F-4CE4-97F7-D5F9381AC85F}) (Version: 2.7.613.0 - Futuremark) Hidden
PCMark 8 (HKLM-x32\...\{ffbe2963-bbe7-49f1-9c32-6fe7e17e5200}) (Version: 2.7.613.0 - Futuremark)
PCMark Vantage (HKLM-x32\...\{F241EC95-C81A-466E-8006-6B0B364B07A0}) (Version: 1.0.3.1 - Futuremark Corporation)
Pixsta (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Pokki_83453a3d886e527a470b5bb8291dd338de4b1e44) (Version: 2.5.3.5 - Pokki)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki Download Helper (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
POP Peeper (HKLM-x32\...\POP Peeper) (Version: - Esumsoft)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAMDisk (HKLM-x32\...\{E04FD66D-ADDD-48A0-B766-4111945C09D4}) (Version: 4.0.0 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.1112 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.1112 - GIGABYTE)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Smart Recovery 2 B13.0627.1 (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
SoftPerfect RAM Disk 3.4.6 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version: - SoftPerfect Research)
Sonic Foundry Soft Encode 1.0 - Dolby Digital 5.1 (HKLM-x32\...\SFTENCDD) (Version: - )
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPER © v2014.build.61+Recorder (2014/06/19) version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.61+Recorder - eRightSoft)
SUPER © v2014.build.63+Recorder (2014/11/27) version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
SUPER © v2015.build.65+Recorder (2015/05/31) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8859-4DB7-5C16C91728A4}_is1) (Version: v2015.build.65+Recorder - eRightSoft)
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
TheBrain (HKLM-x32\...\{23452184-94d1-4796-9f54-ea306a24d135}) (Version: 9.0.250.0 - TheBrain Technologies LP)
TheBrain (HKLM-x32\...\{57D19AF9-97F6-434D-8730-2738C93BD666}) (Version: 9.0.250.0 - TheBrain Technologies LP) Hidden
Tixati (HKLM-x32\...\tixati) (Version: - )
TMPGEnc 4.0 XPress (HKLM-x32\...\{AB212B59-FF45-4C18-B369-F630CB268DAF}) (Version: 4.2.3.193 - Pegasys, Inc.)
TMPGEnc Authoring Works 4 (HKLM-x32\...\{424F15BF-FDF0-4D22-B6FA-054BF7E562AD}) (Version: 4.1.4.51 - Pegasys Inc.)
TypeScript Power Tool (HKLM-x32\...\{5207E91E-2B03-42C0-89D0-F7B2082993C6}) (Version: 2.1.7.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
UB435-Q BDA Drivers (HKLM-x32\...\TVEpaDrv) (Version: - )
Ulead ArtTexture.Plugin 1.0 (HKLM-x32\...\Ulead ArtTexture.Plugin 1.0) (Version: - )
Ulead COOL 3D 2 (HKLM-x32\...\Ulead COOL 3D 2) (Version: - )
Ulead COOL 3D 3.5 (HKLM-x32\...\{BA1BE991-D723-41BE-AD16-42EAFDA794EA}) (Version: - Ulead Systems)
Ulead FantasyWarp.Plugin 1.0 (HKLM-x32\...\Ulead FantasyWarp.Plugin 1.0) (Version: - )
Ulead Particle.Plugin 1.0 (HKLM-x32\...\Ulead Particle.Plugin 1.0) (Version: - )
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6AFD985C-21B7-8F2D-86B2-19A0563A1195}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 20.1 - Ubisoft)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{515E3495-61EC-477C-A089-D73BB51E1BEF}) (Version: 1.14.1109 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
Visual Install Pack (HKLM-x32\...\{549CC831-2542-47F2-A855-2F41E50EF015}) (Version: 81.21 - Phoenixx)
VMware Player (HKLM\...\{2068E4B9-5A6D-41E3-8B50-CC2ECD49309B}) (Version: 14.1.1 - VMware, Inc.)
VPLauncher V3.02 (HKLM-x32\...\VPLauncher V3.02) (Version: - )
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version: - )
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebGrab+Plus (HKLM-x32\...\{AEDBC508-8A29-453C-9C3C-A72728F2AD31}) (Version: 1.1.1 - ServerCare)
WG-Dependencies (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\4cae215cafa50d85) (Version: 1.0.0.0 - WG-Dependencies)
WicReset version 5.0.0.25 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 5.0.0.25 - WWW.WIC.SUPPORT)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{FAD0F79E-5EA4-542B-76A3-46093E52C1F5}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WindowBlinds (HKLM-x32\...\WindowBlinds) (Version: 7.41.1 - Stardock Corporation)
Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows SDK AddOn (HKLM-x32\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{4B51AEB6-6809-14FF-9BED-0CA4562E7C29}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{357D0CD4-8B72-8D65-7015-81DFB2BF9150}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C7EDFCB3-6341-A239-4626-499461403BC1}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{AC7E3FD3-018B-5DD8-2C2B-3AE87B283E48}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{35CC86CF-B9E6-6E9D-7DFF-F2C4A7668A57}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E2F78B92-04DE-5350-14C0-7C281BF87D9E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{311BF490-B346-3B34-80BD-B892C4835026}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{2F157523-39A0-B488-8BD7-60B25186B5EB}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{81A0EC8C-9462-BC98-0E5C-301DD7A46792}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{AF110624-9E71-3F58-0992-C12DBEE79BA7}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8F542B99-CF59-6042-48B8-549B60E66232}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D089A695-49F0-D3B2-0EBF-2BBC33A05CD6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{91F4F520-25FB-AB44-610A-B8D53C4BF25D}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1C47EFF0-EDFE-BBA3-0BB5-8345E002C0D8}) (Version: 10.0.26624 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ambrosia\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ambrosia\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ambrosia\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ambrosia\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2748314351-3383516761-2200278533-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ambrosia\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => D:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => D:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\windows\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => D:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => D:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\Program Files (x86)\VMware\vmdkShellExt.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\Program Files (x86)\VMware\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => D:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => D:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => D:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\Uninstaller\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\windows\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1ECB5286-2871-48B0-866D-7D0CEDA4D11E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\windows\system32\Wat\WatAdminSvc.exe
Task: {33B51826-D547-45C7-913D-A61DA3217353} - \03Wed-2000 -> No File <==== ATTENTION
Task: {3EB8F838-B835-423D-B28A-282886E1FD4C} - System32\Tasks\01-Sun-Fox News Sunday => C:\windows\ehome\ehshell.exe [2009-07-13] (Microsoft Corporation)
Task: {40C5BDC0-928A-4B4B-BFF2-2CD4F58622F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe
Task: {427D9C53-89D7-4142-88A2-6E8DB2F11C84} - System32\Tasks\Take medicine
Task: {43246D98-5C20-44D4-AC86-6F5FB1EE6894} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe
Task: {58E8D7CB-CFB4-4071-845C-8391F43477F3} - \00Daily-News at 5pm -> No File <==== ATTENTION
Task: {60B4F74D-C9F3-4518-A0A1-C3083978936D} - \07Sun-0800-Sunday News shows -> No File <==== ATTENTION
Task: {736AB8C4-4F9A-469C-BB8A-E320CA323646} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe
Task: {73C0B607-E7E8-4209-895A-D2668E78C1E6} - System32\Tasks\00-1700-Daily-Evening news => C:\windows\ehome\ehshell.exe [2009-07-13] (Microsoft Corporation)
Task: {755AC35F-4A1F-4ACA-BF90-0F2789394E14} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {755AC35F-4A1F-4ACA-BF90-0F2789394E14} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {7680523C-B378-4FD9-AAA9-0CCAA5551119} - System32\Tasks\ASC10_PerformanceMonitor => D:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-12-07] (IObit)
Task: {7DE7F314-11C5-4C39-9E22-7C5C2635D215} - System32\Tasks\Pay rent
Task: {9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} - \02Tues-1900 -> No File <==== ATTENTION
Task: {A26B524C-D51B-4977-A066-C74E33D16E04} - System32\Tasks\ASC10_SkipUac_Mugsy => D:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-12-12] (IObit)
Task: {A5AD535D-8F68-44B1-830A-547670DED9B6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe
Task: {B6609B2E-D2B2-4461-84A2-BB85E08B9867} - \04Thu-2000 -> No File <==== ATTENTION
Task: {BAD31203-7479-4A16-A489-E79C1E58EDAF} - System32\Tasks\Streaming Talk Radio => "C:\Program Files (x86)\Mozilla\Firefox\firefox.exe" hxxps://livestream.com/accounts/6869543/events/2699439/player?width=640&height=360&enableInfoAndActivity=true&defaultDrawer=&autoPlay=true&mute=false
Task: {D1A22A4E-E8E6-4352-8AEA-F2EE80E23FCE} - \01Mon-1900 -> No File <==== ATTENTION
Task: {DAFEF182-022E-4CF2-9714-62A35DD17EBC} - System32\Tasks\Politics Nation Sunday => "C:\Program Files (x86)\Mozilla\Firefox\firefox.exe" hxxp://tvpc.us/Channel.php?ChannelID=62554
Task: {E0F8AE53-B35F-4E63-A16F-4B427BEA9034} - \07Sun-0700-Up on MSNBC -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Driver Booster Scheduler.job => D:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: C:\windows\Tasks\Driver Booster SkipUAC (Ambrosia).job => D:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d1aafe10a507f0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Ambrosia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3736aa74fc16699b\Google Chrome.lnk -> E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2015-04-14 14:27 - 2015-04-14 14:27 - 000016896 _____ () d:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2014-06-08 06:40 - 2011-09-29 11:09 - 000100656 _____ () C:\Program Files (x86)\Stardock\WindowBlinds\WBVista.exe
2017-06-07 14:09 - 2017-06-07 14:09 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2004-09-30 12:15 - 2004-09-30 12:15 - 000192000 _____ () D:\Program Files\LinkShellExtension\RockallDLL.dll
2018-02-23 03:44 - 2018-02-23 03:44 - 000076456 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-08-28 18:43 - 2017-08-28 18:43 - 000230064 _____ () D:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-31 18:22 - 2015-10-21 06:55 - 000061744 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-08-15 15:41 - 2014-09-04 13:15 - 000097784 _____ () D:\Program Files\SoftPerfect RAM Disk\vvlib.dll
2017-10-05 07:28 - 2017-08-30 11:29 - 000260752 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2018-03-04 06:55 - 2018-03-04 06:55 - 000287960 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000280280 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-08 11:48 - 2018-03-08 11:48 - 005826192 _____ () D:\Program Files\AVAST Software\Avast\defs\18030812\algo.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000756952 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000172760 _____ () D:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000964824 _____ () D:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000475352 _____ () D:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000339672 _____ () D:\Program Files\AVAST Software\Avast\streamback_avast.dll
2014-11-06 08:33 - 2011-11-04 01:28 - 000260096 _____ () D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\sqlite3.dll
2017-10-05 07:28 - 2017-02-21 16:19 - 000083136 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2017-07-17 07:29 - 2016-03-07 17:08 - 001291264 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2017-07-17 07:29 - 2004-10-05 02:08 - 000055808 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000019648 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000090816 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000024768 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000188608 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000183440 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000163520 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2017-10-05 07:28 - 2017-08-30 11:27 - 000055952 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000018112 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000061072 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2017-10-05 07:28 - 2017-09-04 16:39 - 000699024 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000487568 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2017-10-05 07:28 - 2017-08-30 11:26 - 000021648 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000085648 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000032912 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000070800 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000160400 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000296592 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000078528 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000305808 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000210112 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000026304 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000074432 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000142016 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2017-10-05 07:28 - 2017-09-11 13:28 - 000085136 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000844944 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000195776 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000414400 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000162448 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000029376 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000114368 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000026816 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000022720 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000034448 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000054464 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000066240 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000026768 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2017-10-05 07:28 - 2017-08-30 11:26 - 000072848 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000221376 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000079040 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000021648 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000138432 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000021696 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2017-10-05 07:28 - 2017-08-30 11:27 - 000074896 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2017-10-05 07:28 - 2017-08-30 11:27 - 000585872 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000045248 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000367760 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2017-10-05 07:28 - 2017-08-30 11:25 - 000141456 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000149184 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000052416 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000064192 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2017-07-17 07:29 - 2016-12-06 01:43 - 000091840 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000058560 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-11-18 09:58 - 2011-08-23 10:04 - 000057344 _____ () D:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2017-11-18 09:58 - 2013-05-15 13:15 - 000025600 _____ () D:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2018-01-08 02:05 - 2018-01-08 02:05 - 000087016 _____ () D:\Program Files (x86)\VMware\zlib1.dll
2017-04-22 08:53 - 2016-06-14 14:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-07 14:07 - 2017-06-07 14:07 - 000569856 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2004-09-30 11:09 - 2004-09-30 11:09 - 000155648 _____ () D:\Program Files\LinkShellExtension\32\RockallDLL.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 067126928 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-04 06:55 - 2018-03-04 06:55 - 000275160 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-08-28 14:23 - 2014-08-28 14:23 - 000142416 _____ () C:\Program Files (x86)\POP Peeper\zip.dll
2014-07-06 20:19 - 2014-07-06 20:19 - 000354896 _____ () C:\Program Files (x86)\POP Peeper\sqlite3.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 002408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 008626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 000212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 002144104 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 007955304 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 000341352 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 000028008 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 000127336 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2017-07-17 07:29 - 2016-12-06 01:44 - 000210112 _____ () D:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\System32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7852 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2017-03-21 19:40 - 000001131 _____ C:\windows\system32\Drivers\etc\hosts

65.55.186.113 data.tvdownload.microsoft.com
72.246.56.59 cdn.epg.tvdownload.microsoft.com
65.55.5.170 data.tvdownload.microsoft.com
2.16.216.176 cdn.epg.tvdownload.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ambrosia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Connectify => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvastUI.exe => "D:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files (x86)\Connectify\Connectify.exe autorun
MSCONFIG\startupreg: WINCINEMAMGR =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{138A8CFB-8523-4076-AB1E-1B66AF31DFCD}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{A81B81C7-F976-4FD6-86FC-266F1561CFA6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A1BBACDE-372F-494A-85FD-77F0BA8CCB9D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{2ADCACDB-BB33-424B-A1B4-BE00E6FCE71F}D:\program files (x86)\tixati\tixati.exe] => (Allow) D:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{6FDD830B-58B9-482D-BA83-4B1A41D06812}D:\program files (x86)\tixati\tixati.exe] => (Allow) D:\program files (x86)\tixati\tixati.exe
FirewallRules: [{280DE45E-E607-4424-90FB-43C212B8ACFD}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10\PowerDVD10.exe
FirewallRules: [{CD8560F4-B779-4B89-8518-C65C08589DEE}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{13FB303A-B350-4CAF-B3F3-FAFA430BF437}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{68905393-4545-4E94-BBAA-3DE54C80E379}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{45FA9ABD-0E8B-4198-A43E-1837388EB1A3}D:\program files (x86)\tixati\tixati.exe] => (Allow) D:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{6DC7FB1C-5760-4AF1-986B-862FB5CB799A}D:\program files (x86)\tixati\tixati.exe] => (Allow) D:\program files (x86)\tixati\tixati.exe
FirewallRules: [{B6DEF8DF-E468-485D-8472-18F8541E4EEE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6BC19F64-FD2E-4E31-A107-49808B6501D0}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E77BA3C8-014D-4B85-A6C4-7E6EFEF05CAD}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2CB98F0C-C1EF-414E-AA32-5E517F33C6B4}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAEC27C3-3A35-488C-BB95-0A8DCFC77616}] => (Allow) D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\bin\x86\Repackager.exe
FirewallRules: [{8DD9A744-12CB-4635-9B36-F78C89D12FCC}] => (Allow) D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\bin\x64\Repackager.exe
FirewallRules: [TCP Query User{496D00E0-201B-422A-93CA-94101DE60557}D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe] => (Allow) D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe
FirewallRules: [UDP Query User{5B12AA37-2622-4856-9C48-4E37EB85D452}D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe] => (Allow) D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe
FirewallRules: [{48D5302D-029E-49E6-9C87-14591F2425FD}] => (Block) D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe
FirewallRules: [{FB204D51-E0C4-4185-A713-BF14D8FFE1D8}] => (Block) D:\program files (x86)\sega\outrun2006 coast 2 coast\or2006c2c.exe
FirewallRules: [{76B690F0-40EC-490A-BF52-A30DD7C62679}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe
FirewallRules: [{9E942587-C729-497D-B0A0-0507B6AD8521}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\PowerDVD11.exe
FirewallRules: [{B3046042-ECC0-4492-9E2B-D2F2D14F2F4C}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\PDVD11Serv.exe
FirewallRules: [{426905F9-DEBD-4671-AD56-09186145A393}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
FirewallRules: [{A43D908A-0A15-4388-AEE7-75562EA20C38}] => (Allow) D:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{B8D9D226-22FC-4901-A63F-D162C2A092C7}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{B7EF0699-B0AF-4113-AFE6-DA6040701068}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [{2DD4317F-491B-4337-A75A-B039961CACA2}] => (Block) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [{2052CE11-96C4-4A3F-88B2-00BF6D8DE245}] => (Block) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [{597D3B9F-DB84-4757-ADB1-27D3BFF2FD26}] => (Allow) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
FirewallRules: [{2B7B2DA5-B951-4423-9C12-9E33421537B3}] => (Allow) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
FirewallRules: [{3983DA2B-3CE6-4DF6-8150-E393EFB92F14}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{71E896F3-21F8-46B3-981A-BF8A0D7976FE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{F6803287-91C1-4937-9E9F-0BDAD28BA389}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [{454D6708-6FCE-4411-8993-4637AD5B8C22}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [TCP Query User{092979A1-CC5F-412E-9286-23265A01952E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{22808292-DF38-4C6A-A639-CC91DA223A63}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{01BC68B8-FEEA-4B1F-91E9-C6D3324C6684}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{A88A07F7-C91C-49C4-A9F8-006B383CB507}] => (Allow) %SystemRoot%\ehome\ehsched.exe
FirewallRules: [{298D1074-25DF-44AF-9F36-6BB463D42329}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{22240707-6675-4944-9AE1-160FCB9E9574}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{027C0E9A-7CF4-473A-92DD-CF0497FAA3F4}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{EF872641-F886-497B-AED9-B6939B53838F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{1E21C2F0-B305-42FB-AD8A-A73B0A380027}C:\users\mugsy\appdata\local\join.me\join.me.exe] => (Allow) C:\users\mugsy\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{6FF0AF0C-F71E-4740-A490-0D453F23F117}C:\users\mugsy\appdata\local\join.me\join.me.exe] => (Allow) C:\users\mugsy\appdata\local\join.me\join.me.exe
FirewallRules: [{4CD03800-1731-4878-972A-DE1784DC1874}] => (Block) C:\users\mugsy\appdata\local\join.me\join.me.exe
FirewallRules: [{B47C9E39-6407-461A-9A67-80402B5E2781}] => (Block) C:\users\mugsy\appdata\local\join.me\join.me.exe
FirewallRules: [{3BFB5B3C-6ED0-46E0-B53D-8CD0E4C710F6}] => (Allow) D:\Program Files (x86)\Adobe\Adobe Photoshop CC 2015 (32 Bit)\Photoshop.exe
FirewallRules: [{D1518A05-0003-4E13-AA56-5F14E0D283A7}] => (Allow) D:\Program Files (x86)\Adobe\Adobe Photoshop CC 2015 (32 Bit)\Photoshop.exe
FirewallRules: [{B3994B3F-49DD-431B-AA8B-60D5D729E205}] => (Allow) D:\Program Files (x86)\Adobe\Adobe Photoshop CC 2015 (32 Bit)\Photoshop.exe
FirewallRules: [{CD0AC748-A52E-4D8D-83BE-0D3389F541A0}] => (Allow) D:\Program Files (x86)\Adobe\Adobe Photoshop CC 2015 (32 Bit)\Photoshop.exe
FirewallRules: [{CE9C2A46-DCFE-4592-8BF7-853A6D5A7769}] => (Allow) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
FirewallRules: [{D35D2213-5A85-4E26-820D-4F719969C655}] => (Allow) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
FirewallRules: [{2380FFE2-A721-4664-A984-A3DE8D378534}] => (Allow) D:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{08DA0761-D455-478C-8937-7A333A165A01}] => (Allow) D:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{DEED7375-6CA1-41EF-8657-E792513E05F5}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{03E8001B-BF61-4310-AC28-BFA28036A8F9}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{49140A6D-FFE7-4344-A4A2-5DAC49B25588}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{9C68B02A-3621-4085-B22D-1E1A91DED7F0}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{6AF0CA49-5275-4FAC-86BB-8F1202898C69}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{2FCDA6F6-4605-46FE-961A-6B4EF080A5E4}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{65EB7D89-9750-4914-B4DC-FE3E5AEF1540}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{4FDD0070-D303-4EF1-92F7-593ABD4B3154}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{2DF93DFA-7488-478B-BBCF-AD01AB7356AB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{C5F2664D-D0F4-41B7-9E97-43860D347E05}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{64CBF252-361C-4468-A252-EABE5644854B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{4BDBC489-57C2-4BFA-91A7-D494218038F7}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{2DC7799D-14B8-4D50-864C-241E9C4F98BB}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{9C960F1B-E57C-4552-B6C8-7644A6897A6D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{584DF9A9-E211-4BB7-A6B7-BEC0AD028CA5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6C59F2E3-D20B-4183-ABBC-864555700C65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{74B7AA56-7959-420E-8C94-B1333C320D0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9A01BB85-210F-411E-9A19-50F1A044EE66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B1887CDF-8CB1-45C0-947D-5F9CB6EF9867}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BE83B008-128E-40C4-BA73-0748117162D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4E867DB5-CA6F-42A4-9A46-9F24784307E4}] => (Allow) D:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{96536C20-F8CE-4E68-B164-A5F0731152C3}] => (Allow) D:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{92A01B45-F4D2-4FFE-A5D5-5F24B5493454}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{9F398B77-A613-4C12-9D77-F2BD44D72064}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{42FB15CF-B489-4389-817F-89BA40E6EEE0}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{2D5C93E5-D3CD-467B-9871-0A927884C79E}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{6AD41DBD-1615-406A-8EFD-DD1E24A79AB4}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{53DC05C0-FF69-4C18-8160-FBFD70A024AC}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{27BDFD94-CA71-4241-828F-2E1615335544}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{02C0ACC9-7EA7-4E16-AB58-FD49B14F9B43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B60AD9FF-CD8D-4C05-AAB1-51D235155FB8}] => (Allow) D:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{C0B3B89E-CB20-450F-A55C-6DED05EF74B9}] => (Allow) D:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{78BDD377-5699-4562-9E8C-5813DBEB10C3}] => (Allow) D:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{36F00271-34E3-44D0-A3E5-BA6287498790}] => (Allow) D:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{74494F7C-2CC8-4A10-A452-ED91AE4578D6}] => (Allow) D:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{5DB0BEE4-CA5F-4963-88D8-3CF82785CD37}] => (Allow) D:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{12CE72E8-15FA-4948-8090-D08EDEF098B1}] => (Allow) D:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{512A73AD-2178-4367-9E21-D7E07BC9305A}] => (Allow) D:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [TCP Query User{FCED91AF-3A59-4DE9-B19E-1629E549CBD2}C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\mimo.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\mimo.exe
FirewallRules: [UDP Query User{CFB70DA5-B3E6-482D-8130-96F52062CE0F}C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\mimo.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\mimo.exe
FirewallRules: [{6CC8BC54-894C-4306-B0EF-4AE2E249DF30}] => (Allow) D:\Program Files (x86)\VMware\vmware-authd.exe
FirewallRules: [{4FC80843-C9C0-4C3B-994F-976C8DBC1357}] => (Allow) D:\Program Files (x86)\VMware\vmware-authd.exe
FirewallRules: [{547BE97E-E77B-48CE-AEEC-A8350532157A}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{30BBFEF3-6DF2-43AA-886E-CEB69E022512}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{F3371849-85B9-4FC8-BE05-8C4CEAF1627A}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{FF5BB63A-0AC6-4493-8691-69BAC5823735}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{ED027363-B926-4E75-8808-96BC18DE9B26}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{C567117D-8C64-41CB-B6FC-E2A8E2772F8A}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{5E40660A-6A49-41BA-9053-FC67ADB6841B}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{5FD19FF7-CD2C-4660-899A-5967BCAB5DC5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-03-2018 16:32:36 Pre-malwarebytes cleanup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2018 06:05:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\ExternalUi.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/08/2018 06:05:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\setup.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (03/07/2018 05:51:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\ExternalUi.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/07/2018 05:51:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\setup.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (03/06/2018 10:01:05 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 9452. Message ID: [0x2509].

Error: (03/06/2018 08:43:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 13276. Message ID: [0x2509].

Error: (03/06/2018 06:16:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\ExternalUi.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/06/2018 06:16:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Caphyon\Advanced Installer 11.2.1\stubs\x86\setup.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (03/08/2018 01:00:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (03/08/2018 01:00:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/08/2018 12:58:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (03/08/2018 12:58:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/08/2018 12:57:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (03/08/2018 12:57:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/08/2018 12:56:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (03/08/2018 12:56:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


Windows Defender:
===================================
Date: 2015-06-26 06:06:58.018
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-06-26 06:06:58.018
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.193.2869.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.11202.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2015-06-26 06:06:58.018
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.11202.0
Previous Engine Version:
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2014-12-23 06:08:03.391
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2014-12-23 05:51:56.118
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x80070714
Error description:The specified image file did not contain a resource section.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2016-07-03 13:24:45.665
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-03 13:24:45.618
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-03 13:04:53.284
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-03 13:04:53.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-02 10:05:35.340
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-02 10:05:35.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Benchmarks\Futuremark\3DMark01\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-14 14:25:22.106
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-14 14:25:22.076
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16314.84 MB
Available physical RAM: 12653.67 MB
Total Virtual: 18361 MB
Available Virtual: 14645.36 MB

==================== Drives ================================

Drive c: (ForceGT) (Fixed) (Total:111.69 GB) (Free:20.03 GB) NTFS
Drive d: (Barracuda) (Fixed) (Total:1863.02 GB) (Free:215.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ForceGT2) (Fixed) (Total:79.81 GB) (Free:14.4 GB) NTFS
Drive f: (Data400) (Fixed) (Total:465.75 GB) (Free:127.24 GB) NTFS
Drive r: (Rally 2) (Removable) (Total:29.87 GB) (Free:9.15 GB) NTFS
Drive s: (SANDISK64) (Removable) (Total:61.82 GB) (Free:27.08 GB) FAT32

\\?\Volume{846632bf-a9be-11e7-94ab-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 0850DAA8)
Partition 1: (Active) - (Size=32 GB) - (Type=05)
Partition 2: (Not Active) - (Size=79.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 0003A0E7)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 63346334)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 29.9 GB) (Disk ID: 0002013C)
Partition 1: (Active) - (Size=29.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 61.8 GB) (Disk ID: 657D657D)
Partition 1: (Active) - (Size=61.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by Oh My!, 09 March 2018 - 10:33 PM.


#2 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 09 March 2018 - 10:35 PM

Greetings Mugsy323 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 09 March 2018 - 11:03 PM

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
IObit
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
  • Reboot your computer into Normal Boot and check the performance
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {468fed39-3895-11e5-9d29-005056c00008} - H:\SETUP.EXE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ocjjmndnbgolapgjhbombaldcmgnidkp] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 esihdrv; \??\C:\Users\Mugsy\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 EUBAKUP0; \??\C:\windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\windows\system32\drivers\EUFDDISK0.sys [X]
2018-03-06 22:18 - 2015-01-07 15:28 - 000000000 ____D C:\Users\Public\AppData\Local\OysterMug
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Task: {58E8D7CB-CFB4-4071-845C-8391F43477F3} - \00Daily-News at 5pm -> No File <==== ATTENTION
Task: {60B4F74D-C9F3-4518-A0A1-C3083978936D} - \07Sun-0800-Sunday News shows -> No File <==== ATTENTION
Task: {9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} - \02Tues-1900 -> No File <==== ATTENTION
Task: {B6609B2E-D2B2-4461-84A2-BB85E08B9867} - \04Thu-2000 -> No File <==== ATTENTION
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe
C:\Users\Mugsy\AppData\Local\Temp\MCPR
AlternateDataStreams: C:\windows\System32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} [26]
FirewallRules: [{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{5E40660A-6A49-41BA-9053-FC67ADB6841B}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2018-03-06 15:46 - 2018-03-06 15:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-03-06 15:43 - 2018-03-06 15:43 - 000048807 _____ C:\ProgramData\agent.1520372623.bdinstall.bin
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\windows\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\ProgramData\Trend Micro
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Iobit uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 09 March 2018 - 11:04 PM

Hey Gary, call me "Mugsy".

 

I look forward to your assistance. Thx.


Edited by Mugsy323, 09 March 2018 - 11:05 PM.


#5 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 09 March 2018 - 11:30 PM

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {468fed39-3895-11e5-9d29-005056c00008} - H:\SETUP.EXE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ocjjmndnbgolapgjhbombaldcmgnidkp] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 esihdrv; \??\C:\Users\Mugsy\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 EUBAKUP0; \??\C:\windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\windows\system32\drivers\EUFDDISK0.sys [X]
2018-03-06 22:18 - 2015-01-07 15:28 - 000000000 ____D C:\Users\Public\AppData\Local\OysterMug
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Task: {58E8D7CB-CFB4-4071-845C-8391F43477F3} - \00Daily-News at 5pm -> No File <==== ATTENTION
Task: {60B4F74D-C9F3-4518-A0A1-C3083978936D} - \07Sun-0800-Sunday News shows -> No File <==== ATTENTION
Task: {9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} - \02Tues-1900 -> No File <==== ATTENTION
Task: {B6609B2E-D2B2-4461-84A2-BB85E08B9867} - \04Thu-2000 -> No File <==== ATTENTION
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe
C:\Users\Mugsy\AppData\Local\Temp\MCPR
AlternateDataStreams: C:\windows\System32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} [26]
FirewallRules: [{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{5E40660A-6A49-41BA-9053-FC67ADB6841B}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2018-03-06 15:46 - 2018-03-06 15:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-03-06 15:43 - 2018-03-06 15:43 - 000048807 _____ C:\ProgramData\agent.1520372623.bdinstall.bin
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\windows\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\ProgramData\Trend Micro
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Quick question. You instruct me to copy the above script, but never to do anything with it. Do I need to Paste it someplace?

 

The FRST utility does not prompt me to paste that data before Fix runs. Please advise.


Edited by Mugsy323, 09 March 2018 - 11:31 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 10 March 2018 - 03:40 PM

Hi Mugsy.

The information is copied to the clipboard and FRST automatically pulls what it needs from there.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 10 March 2018 - 05:15 PM

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Iobit uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

After running AdwCleaner, it prompted me to remove a number of PUP's, which I did.

 

After rebooting, I ran it again and it said everything was clean EXCEPT two Firefox extensions related to "IOBit's Advanced System Care", but when I instruct the app to remove them, "Windows Explorer" (the GUI) "crashes" and restarts/reloads. The app then continues and says the extensions have been removed and for me to reboot, but when I return and run it again, it is still claiming the extensions are there. I opened Firefox to verify, but it does not list any such Extensions or Plugins installed. I can't figure out why AdwCleaner is claiming they still are?

 

I doubt two Firefox extensions are to blame for why Windows won't Shutdown/Reboot, but how do I locate/remove Extensions Firefox says are not there?

 

TIA



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 10 March 2018 - 07:29 PM

Don't worry about the Firefox extensions.

I didn't expect these recent steps to resolve the Shutdown/Reboot problem. We needed to address the other stuff first.

Please copy and paste the Fixlog report in your reply. No need to use the Quotes.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 11 March 2018 - 07:20 AM

AdwCleaner (Fixlog?) results:

 

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 11 12:17:16 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-08.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.AdvancedSystemCare, Plugin found: Advanced SystemCare Surfing Protection - IObit
PUP.Optional.Legacy, Plugin found: Advanced SystemCare Surfing Protection - IObit


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7729 B] - [2018/3/10 21:36:30]
C:/AdwCleaner/AdwCleaner[C1].txt - [1588 B] - [2018/3/10 21:40:18]
C:/AdwCleaner/AdwCleaner[C2].txt - [1592 B] - [2018/3/10 21:44:55]
C:/AdwCleaner/AdwCleaner[C3].txt - [1841 B] - [2018/3/10 22:45:7]
C:/AdwCleaner/AdwCleaner[C4].txt - [1912 B] - [2018/3/10 22:47:48]
C:/AdwCleaner/AdwCleaner[C5].txt - [2048 B] - [2018/3/10 22:49:38]
C:/AdwCleaner/AdwCleaner[C6].txt - [3774 B] - [2018/3/10 22:53:38]
C:/AdwCleaner/AdwCleaner[S0].txt - [10786 B] - [2018/3/10 21:24:49]
C:/AdwCleaner/AdwCleaner[S10].txt - [2256 B] - [2018/3/10 22:56:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [9386 B] - [2018/3/10 21:35:22]
C:/AdwCleaner/AdwCleaner[S2].txt - [1649 B] - [2018/3/10 21:39:45]
C:/AdwCleaner/AdwCleaner[S3].txt - [1627 B] - [2018/3/10 21:44:27]
C:/AdwCleaner/AdwCleaner[S4].txt - [1763 B] - [2018/3/10 21:48:8]
C:/AdwCleaner/AdwCleaner[S5].txt - [1645 B] - [2018/3/10 21:55:4]
C:/AdwCleaner/AdwCleaner[S6].txt - [1712 B] - [2018/3/10 22:43:45]
C:/AdwCleaner/AdwCleaner[S7].txt - [1752 B] - [2018/3/10 22:47:31]
C:/AdwCleaner/AdwCleaner[S8].txt - [1888 B] - [2018/3/10 22:49:17]
C:/AdwCleaner/AdwCleaner[S9].txt - [3828 B] - [2018/3/10 22:52:57]


########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt ##########



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 11 March 2018 - 02:29 PM

Greetings.

If you haven't removed the items identified in the AdwCleaner log please do so. Run the program again if necessary.

The Fixlog will probably be found in the D:\Install folder. It was created after you completed the Fix.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 11 March 2018 - 04:25 PM

If you haven't removed the items identified in the AdwCleaner log please do so. Run the program again if necessary.

The Fixlog will probably be found in the D:\Install folder. It was created after you completed the Fix.

Five posts above, I told you they refuse to go away (even after multiple attempts.)

 

Four posts above, you told me not to worry about it. :(

 

Which program creates a log named "Fixlog"? Farbar only creates FRST & Addition.


Edited by Mugsy323, 11 March 2018 - 04:34 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 11 March 2018 - 06:00 PM

Sorry about Iobit.

Did you run this step? I clarified you don't have to paste the information anywhere. If completed, it should have created a Fixlog report showing what FRST was able to fix.
 

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {468fed39-3895-11e5-9d29-005056c00008} - H:\SETUP.EXE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ocjjmndnbgolapgjhbombaldcmgnidkp] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 esihdrv; \??\C:\Users\Mugsy\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 EUBAKUP0; \??\C:\windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\windows\system32\drivers\EUFDDISK0.sys [X]
2018-03-06 22:18 - 2015-01-07 15:28 - 000000000 ____D C:\Users\Public\AppData\Local\OysterMug
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Task: {58E8D7CB-CFB4-4071-845C-8391F43477F3} - \00Daily-News at 5pm -> No File <==== ATTENTION
Task: {60B4F74D-C9F3-4518-A0A1-C3083978936D} - \07Sun-0800-Sunday News shows -> No File <==== ATTENTION
Task: {9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} - \02Tues-1900 -> No File <==== ATTENTION
Task: {B6609B2E-D2B2-4461-84A2-BB85E08B9867} - \04Thu-2000 -> No File <==== ATTENTION
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe
C:\Users\Mugsy\AppData\Local\Temp\MCPR
AlternateDataStreams: C:\windows\System32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} [26]
FirewallRules: [{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{5E40660A-6A49-41BA-9053-FC67ADB6841B}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2018-03-06 15:46 - 2018-03-06 15:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-03-06 15:43 - 2018-03-06 15:43 - 000048807 _____ C:\ProgramData\agent.1520372623.bdinstall.bin
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\windows\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\ProgramData\Trend Micro
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 12 March 2018 - 08:16 AM

Sorry about Iobit.

Did you run this step?

Yes. I selected the script, right-clicked and did "Copy" before performing "Fix".



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:51 AM

Posted 12 March 2018 - 08:19 AM

Please run the step again and it should create a Fixlog.txt document in the same folder that contains FRST64. Copy and paste that report in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Mugsy323

Mugsy323
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston
  • Local time:03:51 AM

Posted 12 March 2018 - 10:19 AM

My mistake. I copied the script and ran AdwCleaner, not Farbar. :blush: Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Mugsy (12-03-2018 10:12:22) Run:1
Running from F:\Temp
Loaded Profiles: Mugsy (Available Profiles: Mugsy & Ambrosia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\...\MountPoints2: {468fed39-3895-11e5-9d29-005056c00008} - H:\SETUP.EXE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ocjjmndnbgolapgjhbombaldcmgnidkp] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 esihdrv; \??\C:\Users\Mugsy\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 EUBAKUP0; \??\C:\windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\windows\system32\drivers\EUFDDISK0.sys [X]
2018-03-06 22:18 - 2015-01-07 15:28 - 000000000 ____D C:\Users\Public\AppData\Local\OysterMug
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Task: {58E8D7CB-CFB4-4071-845C-8391F43477F3} - \00Daily-News at 5pm -> No File <==== ATTENTION
Task: {60B4F74D-C9F3-4518-A0A1-C3083978936D} - \07Sun-0800-Sunday News shows -> No File <==== ATTENTION
Task: {9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} - \02Tues-1900 -> No File <==== ATTENTION
Task: {B6609B2E-D2B2-4461-84A2-BB85E08B9867} - \04Thu-2000 -> No File <==== ATTENTION
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe
C:\Users\Mugsy\AppData\Local\Temp\MCPR
AlternateDataStreams: C:\windows\System32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57} [26]
FirewallRules: [{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{5E40660A-6A49-41BA-9053-FC67ADB6841B}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}] => (Allow) C:\Users\Mugsy\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2018-03-06 15:46 - 2018-03-06 15:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-03-06 15:43 - 2018-03-06 15:43 - 000048807 _____ C:\ProgramData\agent.1520372623.bdinstall.bin
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\windows\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\Users\Mugsy\AppData\Local\Trend Micro
2018-03-06 11:53 - 2018-03-06 11:53 - 000000000 ____D C:\ProgramData\Trend Micro
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2748314351-3383516761-2200278533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{468fed39-3895-11e5-9d29-005056c00008}" => not found
HKLM\Software\Classes\CLSID\{468fed39-3895-11e5-9d29-005056c00008} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ocjjmndnbgolapgjhbombaldcmgnidkp => not found
catchme => service not found.
CrystalSysInfo => service not found.
esihdrv => service not found.
EUBAKUP0 => service not found.
EUBKMON0 => service not found.
EUFDDISK0 => service not found.
C:\Users\Public\AppData\Local\OysterMug => moved successfully

=========================  bcdedit ========================


An error occurred while attempting to delete the specified data element.
Element not found.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E8D7CB-CFB4-4071-845C-8391F43477F3} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00Daily-News at 5pm => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B4F74D-C9F3-4518-A0A1-C3083978936D} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\07Sun-0800-Sunday News shows => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\02Tues-1900 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6609B2E-D2B2-4461-84A2-BB85E08B9867} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04Thu-2000 => could not remove. Access Denied.
"C:\windows\Tasks\McAfee Cleanup.job" => not found
"C:\Users\Mugsy\AppData\Local\Temp\MCPR" => not found
"C:\windows\System32" => ":{4B9A1497-0817-47C4-9612-D5A1C53ACF57}" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCF5BA74-924A-46CE-AED4-062CEDD0A51E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E40660A-6A49-41BA-9053-FC67ADB6841B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02F5EDA4-8608-4EB4-82AB-BEB711EAE1C0}" => not found
"C:\Program Files\Bitdefender Antivirus Free" => not found
"C:\ProgramData\agent.1520372623.bdinstall.bin" => not found
"C:\windows\Trend Micro" => not found
"C:\Users\Mugsy\AppData\Local\Trend Micro" => not found
"C:\ProgramData\Trend Micro" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54516857 B
Java, Flash, Steam htmlcache => 1533 B
Windows/system/drivers => 502312 B
Edge => 0 B
Chrome => 13470135 B
Firefox => 393554863 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
Mugsy => 7964929 B
Ambrosia => 189589 B

RecycleBin => 624365510 B
EmptyTemp: => 1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2018 10:14:38)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E8D7CB-CFB4-4071-845C-8391F43477F3} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00Daily-News at 5pm => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B4F74D-C9F3-4518-A0A1-C3083978936D} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\07Sun-0800-Sunday News shows => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\02Tues-1900 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6609B2E-D2B2-4461-84A2-BB85E08B9867} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04Thu-2000 => could not remove. Access Denied.

==== End of Fixlog 10:14:38 ====

 

TIA

 

PS: The HKLM entries in braces don't exist. The others were created by me, so I know they are okay. I previously locked the Task Scheduler to prevent other apps from modifying/adding tasks.


Edited by Mugsy323, 12 March 2018 - 10:24 AM.
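
Added example (not part of the original posts, and not FRST's own code): a short Python script that tallies the result lines of a Fixlog like the one above, so the entries that were actually changed and those refused with Access Denied stand out from the many "not found" lines. The parsing rules are assumptions inferred from the log lines shown in this thread, and the sample input is an excerpt of that log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, trimmed to a few representative lines.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: C:\windows\Tasks\McAfee Cleanup.job => C:\Users\Mugsy\AppData\Local\Temp\MCPR\mccleanup.exe
emptytemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
esihdrv => service not found.
C:\Users\Public\AppData\Local\OysterMug => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\02Tues-1900 => could not remove. Access Denied.
"C:\windows\Tasks\McAfee Cleanup.job" => not found
"C:\windows\System32" => ":{4B9A1497-0817-47C4-9612-D5A1C53ACF57}" ADS not found.

=========== EmptyTemp: ==========

Chrome => 13470135 B
EmptyTemp: => 1 GB temporary data Removed.

================================

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F55C31F-16AF-4FBE-9293-2C9698C2D0F1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\02Tues-1900 => could not remove. Access Denied.

==== End of Fixlog 10:14:38 ====
'''

# "<target> => <outcome>" is the shape of every result line in the posted log.
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')
TREE_MARK = '\\Schedule\\TaskCache\\Tree\\'


def classify(outcome):
    """Map the free-text outcome of one result line to a coarse category."""
    text = outcome.lower()
    if 'access denied' in text:
        return 'denied'
    if 'not found' in text:
        return 'not_found'
    if 'successfully' in text:
        return 'fixed'
    return 'other'


def parse_results(text):
    """Return {target: category} for the result lines of a Fixlog.

    Assumptions drawn from the log in this thread:
    - the echoed fixlist sits between two rows of asterisks and is skipped,
      because some script lines contain ' => ' themselves;
    - the EmptyTemp section lists byte counts, not fix outcomes, and is skipped;
    - keys still locked are reported a second time in the after-reboot section,
      so each target is kept once.
    """
    results = {}
    in_fixlist = False
    in_emptytemp = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {'*'}:          # row of asterisks toggles the fixlist echo
            in_fixlist = not in_fixlist
            continue
        if line.startswith('='):        # "==== ... ====" section header
            in_emptytemp = 'EmptyTemp' in line
            continue
        if in_fixlist or in_emptytemp:
            continue
        match = RESULT_RE.match(line)
        if match:
            target = match.group('target').strip('"')
            results.setdefault(target, classify(match.group('outcome')))
    return results


def tally(results):
    """Count unique targets per category."""
    return dict(Counter(results.values()))


def denied_task_names(results):
    """Scheduled-task names whose TaskCache\\Tree key could not be removed."""
    return sorted(target.split(TREE_MARK, 1)[1]
                  for target, category in results.items()
                  if category == 'denied' and TREE_MARK in target)


if __name__ == '__main__':
    parsed = parse_results(SAMPLE_FIXLOG)
    print(tally(parsed))
    print('Tasks left in place (Access Denied):', denied_task_names(parsed))
```
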




