
This file inde.exe keeps reappearing


  • This topic is locked
4 replies to this topic

#1 fess12


Posted 09 March 2018 - 10:19 AM

I have deleted inde.exe many times via safe mode, but it comes back again when normal Windows is running.

Steps taken so far:

RKill scanned, detected and deleted malware.

MB scanned twice. First time showed 86 threats, deleted all; 2nd time scanned and no threats.

AdwCleaner scanned and clean.

HitmanPro scanned and deleted any threats.

But this particular one keeps coming back.

I've downloaded FRST and am attaching the scanned reports.

 

plezzzzz heeelllppppp


#2 fess12


Posted 10 March 2018 - 08:09 AM

I have deleted inde.exe many times via safe mode, but it comes back again when normal Windows is running.

Steps taken so far:

RKill scanned, detected and deleted malware.
MB scanned twice. First time showed 86 threats, deleted all; 2nd time scanned and no threats.
AdwCleaner scanned and clean.
HitmanPro scanned and deleted any threats.

But this particular one keeps coming back.

I've downloaded FRST and am attaching the scanned reports.
 
plezzzzz heeelllppppp
 
Attached Files

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Fess Laptop (administrator) on FESSLAPTOP (09-03-2018 17:42:48)
Running from C:\Users\Fess Laptop\Downloads
Loaded Profiles: Fess Laptop & (Available Profiles: Fess Laptop & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Users\Fess Laptop\AppData\Local\inde.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-12-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-12-18] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\...\MountPoints2: {2c1efd9a-9ac8-11e6-87ba-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\...\MountPoints2: {2c1efd9a-9ac8-11e6-87ba-806e6f6e6963} - D:\AUTORUN.EXE
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{585C1AAA-E67A-4D15-AF52-991A8C6681EA}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{90317E1B-E9B1-4640-863C-E4C81F8BA936}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B0E90B96-AB66-40E6-A771-A577CA5B53D5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{BA787E6A-8B78-4545-84D5-74891D5E50AC}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{CC358DE7-EF47-4DD2-A173-B365D4B1AF93}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1423214336-1649143779-1014254708-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-01-28] (AO Kaspersky Lab)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-01-28] (AO Kaspersky Lab)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fess Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8su8vct8.default [2018-03-09]
FF Homepage: Mozilla\Firefox\Profiles\8su8vct8.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-01-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: CMSClientPlugin -> C:\Program Files (x86)\VideoClient Plug-in\npKTIE.dll [2016-07-08] ()

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Fess Laptop\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Fess Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Fess Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-09]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 DetectionManager; C:\Program Files (x86)\Ford Motor Company\IDS\Runtime\DetectionManager.exe [384512 2013-07-18] (SPX Diagnostic Solutions) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-02-13] (Digital Wave Ltd.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
S4 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe [426416 2018-01-28] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2015-12-18] (O2Micro International)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [39296 2017-12-12] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-10-25] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
S4 TDSNetSetup; "C:\Program Files (x86)\Common Files\Teradyne\TDSNetSetup.exe" "C:\Program Files (x86)\Ford Motor Company\IDS\Runtime"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [103184 2015-12-18] (Ericsson AB)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2015-12-18] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2015-12-18] (Ericsson AB)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-03-09] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2015-12-18] (Intel Corporation)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [22416 2018-01-11] (IObit.com)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-24] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-02-21] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206040 2018-01-28] (AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [350944 2018-01-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1072840 2018-02-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-02-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-24] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-12-24] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [140000 2017-12-24] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-24] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-09] (Malwarebytes)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [443648 2015-12-18] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [455936 2015-12-18] (MCCI Corporation)
S3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2015-12-18] (Intel Corporation)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2017-08-26] (Riverbed Technology, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2015-12-18] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2015-12-18] (Novatel Wireless Inc.)
S3 sbusb_vista; C:\Windows\SysWOW64\DRIVERS\sbusb_vista.sys [104576 2013-07-18] (Microsoft Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [69896 2015-12-18] (STMicroelectronics)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2015-12-18] (STMicroelectronics)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2016-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 17:30 - 2018-03-09 17:30 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-09 17:30 - 2018-03-09 17:30 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-09 17:30 - 2018-03-09 17:30 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-09 17:30 - 2018-03-09 17:30 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-09 17:30 - 2018-03-09 17:30 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-09 17:30 - 2018-03-09 17:30 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-09 17:30 - 2018-03-09 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 17:30 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-09 16:03 - 2018-03-09 16:03 - 000065848 _____ C:\Users\Fess Laptop\Downloads\Shortcut.txt
2018-03-09 15:06 - 2018-03-09 16:03 - 000054388 _____ C:\Users\Fess Laptop\Downloads\Addition.txt
2018-03-09 15:05 - 2018-03-09 17:43 - 000022330 _____ C:\Users\Fess Laptop\Downloads\FRST.txt
2018-03-09 15:05 - 2018-03-09 17:42 - 000000000 ____D C:\FRST
2018-03-09 15:04 - 2018-03-09 15:04 - 002403328 _____ (Farbar) C:\Users\Fess Laptop\Downloads\FRST64.exe
2018-03-09 14:57 - 2018-03-09 14:57 - 000001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2018-03-09 14:57 - 2018-03-09 14:57 - 000001358 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-03-09 14:57 - 2018-03-09 14:57 - 000000000 ____D C:\Users\Fess Laptop\AppData\LocalLow\IObit
2018-03-09 14:57 - 2018-03-09 14:57 - 000000000 ____D C:\ProgramData\ProductData
2018-03-09 14:57 - 2018-03-09 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2018-03-09 14:56 - 2018-03-09 14:59 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\IObit
2018-03-09 14:56 - 2018-03-09 14:57 - 000000000 ____D C:\ProgramData\IObit
2018-03-09 14:56 - 2018-03-09 14:56 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-09 14:55 - 2018-03-09 14:55 - 015299088 _____ (IObit ) C:\Users\Fess Laptop\Downloads\iobituninstaller.exe
2018-03-09 14:51 - 2018-03-09 14:51 - 000000004 ____H C:\ProgramData\cm-lock
2018-03-09 14:47 - 2018-03-09 14:48 - 000000000 ____D C:\Users\Fess Laptop\Downloads\backups
2018-03-09 14:45 - 2018-03-09 14:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Fess Laptop\Downloads\HijackThis.exe
2018-03-09 14:41 - 2018-03-06 21:23 - 000139264 _____ C:\Users\Fess Laptop\AppData\Local\inde.exe
2018-03-09 14:30 - 2018-03-09 14:30 - 000004062 _____ C:\Windows\system32\.crusader
2018-03-09 14:18 - 2018-03-09 14:33 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-03-09 12:44 - 2018-03-09 12:44 - 000000000 ____D C:\Users\Fess Laptop\Desktop\regis
2018-03-09 12:00 - 2018-03-09 12:00 - 000221662 _____ C:\Users\Fess Laptop\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-03-09 11:41 - 2018-03-09 11:43 - 000003366 _____ C:\Users\Fess Laptop\Desktop\Rkill.txt
2018-03-09 00:41 - 2018-03-09 00:41 - 000141392 _____ C:\Users\Fess Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-09 00:19 - 2018-03-09 00:19 - 000000032 _____ C:\Users\Fess Laptop\Downloads\Malwarebytes Serial Key.txt
2018-03-09 00:01 - 2018-03-09 14:30 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-08 23:58 - 2018-03-09 14:31 - 000000000 ____D C:\Windows\pss
2018-03-08 23:53 - 2018-03-09 14:51 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2018-03-08 23:46 - 2018-03-08 23:47 - 011605440 _____ (SurfRight B.V.) C:\Users\Fess Laptop\Downloads\HitmanPro_x64.exe
2018-03-08 23:45 - 2018-03-09 11:39 - 000000000 ____D C:\AdwCleaner
2018-03-08 23:45 - 2018-03-08 23:45 - 008222496 _____ (Malwarebytes) C:\Users\Fess Laptop\Downloads\adwcleaner_7.0.8.0.exe
2018-03-08 22:17 - 2018-03-09 00:00 - 000008224 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2018-03-08 22:13 - 2018-03-08 22:13 - 000000000 ____D C:\ProgramData\Wondershare
2018-03-08 11:40 - 2018-03-09 11:35 - 000000000 ____D C:\Users\Fess Laptop\Desktop\Corel
2018-03-06 22:41 - 2018-03-09 00:34 - 000929980 _____ C:\Windows\ntbtlog.txt
2018-03-06 22:29 - 2018-03-06 22:29 - 000003932 _____ C:\Windows\System32\Tasks\dataset devlin playlists
2018-03-06 22:29 - 2018-03-06 22:29 - 000003898 _____ C:\Windows\System32\Tasks\warms_voorhies
2018-03-06 22:29 - 2018-03-06 22:29 - 000003896 _____ C:\Windows\System32\Tasks\haugen kafkaesque
2018-03-06 22:29 - 2018-03-06 22:29 - 000003894 _____ C:\Windows\System32\Tasks\asher-reasearch
2018-03-06 22:29 - 2018-03-06 22:29 - 000003890 _____ C:\Windows\System32\Tasks\federate_severly
2018-03-06 22:29 - 2018-03-06 22:29 - 000003860 _____ C:\Windows\System32\Tasks\burbank
2018-03-06 22:29 - 2018-03-06 22:29 - 000003850 _____ C:\Windows\System32\Tasks\bushed
2018-03-06 22:29 - 2018-03-06 22:29 - 000003786 _____ C:\Windows\System32\Tasks\tsdataset devlin playlistsdataset devlin playlists
2018-03-06 22:29 - 2018-03-06 22:29 - 000003754 _____ C:\Windows\System32\Tasks\tshaugen kafkaesquehaugen kafkaesque
2018-03-06 22:29 - 2018-03-06 22:29 - 000003752 _____ C:\Windows\System32\Tasks\tswarms_voorhieswarms_voorhies
2018-03-06 22:29 - 2018-03-06 22:29 - 000003752 _____ C:\Windows\System32\Tasks\tsasher-reasearchasher-reasearch
2018-03-06 22:29 - 2018-03-06 22:29 - 000003744 _____ C:\Windows\System32\Tasks\tsfederate_severlyfederate_severly
2018-03-06 22:29 - 2018-03-06 22:29 - 000003718 _____ C:\Windows\System32\Tasks\tsburbankburbank
2018-03-06 22:29 - 2018-03-06 22:29 - 000003708 _____ C:\Windows\System32\Tasks\tsbushedbushed
2018-03-06 22:29 - 2018-03-06 22:29 - 000000012 _____ C:\Windows\b31513833
2018-03-06 21:23 - 2018-03-06 21:23 - 000139264 _____ C:\Windows\luisa.exe
2018-03-06 11:56 - 2018-03-06 11:56 - 002141137 _____ C:\Users\Fess Laptop\Downloads\Proofs_Out_06_17182_Jojo_Chicken_Backlits_+_posters.zip
2018-03-05 16:57 - 2018-03-05 16:57 - 009359576 _____ (TorrentRover) C:\Users\Fess Laptop\Downloads\TorrentRoverSetup.exe
2018-03-05 12:04 - 2018-03-05 12:04 - 001747250 _____ C:\Users\Fess Laptop\Downloads\Fwd%3a_Proofs_Out_05_17182_Jojo_Chicken_Backlit.zip
2018-03-05 12:01 - 2018-03-05 12:01 - 000004250 _____ C:\Windows\System32\Tasks\F091FC88-B51A-5C3E-983B-6B163A146B38
2018-03-03 21:18 - 2018-03-03 21:18 - 000000000 ___RD C:\Users\Fess Laptop\Creative Cloud Files
2018-02-28 12:07 - 2018-02-28 12:07 - 002721168 _____ (Microsoft Corporation) C:\Users\Fess Laptop\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-GB.exe
2018-02-28 12:07 - 2018-02-28 12:07 - 000002554 _____ C:\Users\Fess Laptop\Desktop\Windows 7 USB DVD Download Tool.lnk
2018-02-28 12:07 - 2018-02-28 12:07 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2018-02-28 12:07 - 2018-02-28 12:07 - 000000000 ____D C:\Users\Fess Laptop\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2018-02-28 12:06 - 2018-02-28 12:06 - 030520325 _____ C:\Users\Fess Laptop\Downloads\wudt.zip
2018-02-28 12:03 - 2018-02-28 12:03 - 000003518 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-FessLaptop-Fess Laptop
2018-02-28 12:01 - 2018-02-28 12:01 - 000003474 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-FessLaptop-Fess Laptop
2018-02-28 12:00 - 2018-02-28 12:00 - 000000000 ____D C:\Users\Fess Laptop\Documents\Adobe
2018-02-28 11:56 - 2018-03-05 16:37 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-02-28 11:45 - 2018-02-28 11:58 - 2188029952 _____ C:\Users\Fess Laptop\Downloads\_Getintopc.com_Corel_Draw_Graphics_Suite_X8.iso
2018-02-28 11:41 - 2018-02-28 11:52 - 000000000 ___HD C:\Users\Fess Laptop\AppData\Local\SysHashTable
2018-02-28 11:30 - 2018-02-28 11:34 - 000000000 ____D C:\Users\Fess Laptop\Desktop\[nextorrent.net] Adobe Photoshop CC 2017 18.0 x64
2018-02-27 22:17 - 2018-03-09 14:40 - 000000000 ____D C:\Users\Fess Laptop\AppData\LocalLow\uTorrent
2018-02-27 21:30 - 2018-02-27 21:30 - 000003934 _____ C:\Windows\System32\Tasks\abnormally brassieres o
2018-02-27 21:30 - 2018-02-27 21:30 - 000003928 _____ C:\Windows\System32\Tasks\embolus_manipulators
2018-02-27 21:30 - 2018-02-27 21:30 - 000003906 _____ C:\Windows\System32\Tasks\improvised-kaylie
2018-02-27 21:30 - 2018-02-27 21:30 - 000003896 _____ C:\Windows\System32\Tasks\neurotics uzis
2018-02-27 21:30 - 2018-02-27 21:30 - 000003874 _____ C:\Windows\System32\Tasks\chlorine
2018-02-27 21:30 - 2018-02-27 21:30 - 000003874 _____ C:\Windows\System32\Tasks\caro_banjo
2018-02-27 21:30 - 2018-02-27 21:30 - 000003860 _____ C:\Windows\System32\Tasks\scrub
2018-02-27 21:30 - 2018-02-27 21:30 - 000003760 _____ C:\Windows\System32\Tasks\gaimprovised-kaylieimprovised-kaylie
2018-02-27 21:30 - 2018-02-27 21:30 - 000003728 _____ C:\Windows\System32\Tasks\gacaro_banjocaro_banjo
2018-02-27 21:30 - 2018-02-27 21:30 - 000003714 _____ C:\Windows\System32\Tasks\gascrubscrub
2018-02-27 21:29 - 2018-02-27 21:30 - 000000012 _____ C:\Windows\b8304383
2018-02-27 21:29 - 2018-02-27 21:29 - 000003788 _____ C:\Windows\System32\Tasks\gaabnormally brassieres oabnormally brassieres o
2018-02-27 21:29 - 2018-02-27 21:29 - 000003782 _____ C:\Windows\System32\Tasks\gaembolus_manipulatorsembolus_manipulators
2018-02-27 21:29 - 2018-02-27 21:29 - 000003750 _____ C:\Windows\System32\Tasks\ganeurotics uzisneurotics uzis
2018-02-27 21:29 - 2018-02-27 21:29 - 000003728 _____ C:\Windows\System32\Tasks\gachlorinechlorine
2018-02-22 13:33 - 2018-02-22 13:33 - 000210870 _____ C:\Users\Fess Laptop\Documents\print 2.xps
2018-02-22 13:33 - 2018-02-22 13:33 - 000156127 _____ C:\Users\Fess Laptop\Documents\print 4.xps
2018-02-22 13:33 - 2018-02-22 13:33 - 000148801 _____ C:\Users\Fess Laptop\Documents\print 3.xps
2018-02-22 13:33 - 2018-02-22 13:33 - 000000000 ____D C:\Users\Fess Laptop\AppData\LocalLow\Temp
2018-02-22 13:06 - 2018-02-22 13:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2018-02-08 22:59 - 2018-02-08 22:59 - 000000705 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-02-08 22:59 - 2018-02-08 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-02-08 22:59 - 2018-01-15 15:59 - 000972192 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2018-02-08 22:59 - 2018-01-15 15:59 - 000157672 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2018-02-08 22:20 - 2018-02-08 22:35 - 000000000 ____D C:\Users\Fess Laptop\AppData\Local\New Technology Studio
2018-02-08 22:18 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2018-02-08 22:18 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2018-02-08 22:18 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-02-08 22:18 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-02-08 22:18 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2018-02-08 22:18 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-02-08 22:18 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2018-02-08 22:18 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-02-08 22:18 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-02-08 22:18 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-02-08 22:18 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-02-08 22:18 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-02-08 22:17 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-02-08 22:17 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-02-08 22:17 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-02-08 22:17 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-02-08 22:17 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-02-08 22:17 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-02-08 22:17 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-02-08 22:17 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-02-08 22:17 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-02-08 22:17 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-02-08 22:17 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-02-08 22:17 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-02-08 22:17 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-02-08 22:17 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-02-08 22:17 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-02-08 22:17 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-02-08 22:17 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-02-08 22:17 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-02-08 22:17 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-02-08 22:17 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-02-08 22:17 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-02-08 22:17 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-02-08 22:17 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-02-08 22:17 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-02-08 22:17 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-02-08 22:17 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-02-08 22:17 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-02-08 22:17 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-02-08 22:17 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-02-08 22:17 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-02-08 22:17 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-02-08 22:17 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-02-08 22:17 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-02-08 22:17 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-02-08 22:17 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-02-08 22:17 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-02-08 22:17 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-02-08 22:17 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-02-08 22:17 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-02-08 22:17 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-02-08 22:17 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-02-08 22:17 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-02-08 22:17 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-02-08 22:17 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-02-08 22:17 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-02-08 22:17 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-02-08 22:17 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-02-08 22:17 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-02-08 22:17 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-02-08 22:17 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-02-08 22:17 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-02-08 22:17 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-02-08 22:17 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-02-08 22:17 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-02-08 22:17 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-02-08 22:17 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-02-08 22:17 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-02-08 22:17 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-02-08 22:17 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-02-08 22:17 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-02-08 22:17 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-02-08 22:17 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-02-08 22:17 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-02-08 22:17 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-02-08 22:17 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-02-08 22:17 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-02-08 22:17 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-02-08 22:17 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-02-08 22:17 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-02-08 22:17 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-02-08 22:17 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-02-08 22:17 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-02-08 22:17 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-02-08 22:17 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-02-08 22:17 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-02-08 22:17 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-02-08 22:17 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-02-08 22:17 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-02-08 22:17 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-02-08 22:17 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-02-08 22:17 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-02-08 22:15 - 2018-02-08 22:18 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-02-08 22:15 - 2018-02-08 22:15 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-02-08 22:10 - 2018-02-08 22:10 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-02-08 12:03 - 2018-02-08 12:03 - 113828696 _____ (Oracle Corporation) C:\Users\Fess Laptop\Downloads\VirtualBox-5.2.6-120293-Win.exe
2018-02-08 11:28 - 2018-02-08 11:28 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 11:28 - 2018-02-08 11:28 - 000002130 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 17:22 - 2016-12-31 01:26 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-09 17:14 - 2016-11-07 15:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-09 17:14 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-09 16:50 - 2017-06-18 12:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-09 15:45 - 2018-01-28 14:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-09 15:00 - 2009-07-14 04:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-09 15:00 - 2009-07-14 04:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-09 14:51 - 2017-01-02 20:00 - 000000000 ____D C:\ProgramData\VMware
2018-03-09 14:50 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-09 14:49 - 2016-10-26 13:46 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\uTorrent
2018-03-09 14:46 - 2016-10-25 16:47 - 000000000 ____D C:\Users\Fess Laptop\AppData\Local\VirtualStore
2018-03-09 14:45 - 2016-10-26 14:02 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\vlc
2018-03-09 14:36 - 2017-04-03 14:58 - 000000000 ___RD C:\Users\Fess Laptop\Google Drive
2018-03-09 14:36 - 2016-12-05 21:47 - 000000000 ___RD C:\Users\Fess Laptop\iCloudDrive
2018-03-09 14:30 - 2018-01-28 14:32 - 000000000 ____D C:\Users\Fess Laptop\Downloads\Kaspersky Internet Security 2017 Final + Crack Till 2017
2018-03-08 21:48 - 2017-06-18 12:02 - 000000000 ____D C:\Users\Fess Laptop\AppData\LocalLow\Mozilla
2018-03-08 11:58 - 2018-01-31 21:40 - 000000000 ____D C:\Users\Fess Laptop\Downloads\Microsoft Office 2010 Professional Plus SP2 14.0.7173.5001 (x86x64) en-us Sept2016-=TEAM OS=-
2018-03-08 11:58 - 2017-02-23 16:28 - 000000000 ____D C:\Users\Fess Laptop\Downloads\Microsoft Office Professional Plus 2016 (x86x64) v16.0.4456.1003 Jan2017-=TEAM OS=-
2018-03-06 22:45 - 2016-10-25 16:47 - 000000000 ____D C:\Users\Fess Laptop
2018-03-06 22:24 - 2016-10-26 13:17 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-05 16:59 - 2016-11-07 18:29 - 000003061 _____ C:\Users\Fess Laptop\Desktop\TorrentRover.lnk
2018-03-05 16:59 - 2016-11-07 18:29 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TorrentRover
2018-03-05 16:59 - 2016-11-07 18:29 - 000000000 ____D C:\Program Files (x86)\TorrentRover
2018-03-05 16:52 - 2016-12-22 04:33 - 000000000 ____D C:\TEMP
2018-03-05 16:52 - 2016-10-26 13:16 - 000000000 ____D C:\ProgramData\Adobe
2018-03-05 16:51 - 2016-10-26 13:18 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\Adobe
2018-03-05 16:16 - 2016-10-26 13:16 - 000000000 ____D C:\Users\Fess Laptop\AppData\Local\Adobe
2018-03-03 21:11 - 2016-11-30 20:53 - 000000154 _____ C:\Windows\ODBC.INI
2018-02-28 12:01 - 2009-07-14 05:13 - 000785510 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-28 12:01 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-02-28 12:00 - 2016-11-01 13:12 - 000000440 __RSH C:\ProgramData\ntuser.pol
2018-02-27 21:46 - 2017-12-12 20:05 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2018-02-22 13:10 - 2017-03-30 15:02 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-02-21 15:58 - 2018-01-28 14:32 - 001072840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-02-21 15:58 - 2016-10-11 14:14 - 000057024 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-02-21 15:57 - 2017-12-24 04:58 - 000119496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-02-13 21:27 - 2017-09-20 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-13 21:27 - 2017-04-03 14:57 - 000002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-13 21:27 - 2017-04-03 14:57 - 000002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-13 21:27 - 2017-04-03 14:57 - 000002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-12 14:37 - 2016-11-09 17:41 - 000000590 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2018-02-12 14:37 - 2016-11-09 17:41 - 000000000 ____D C:\ProgramData\Delphi
2018-02-12 14:36 - 2016-11-09 17:41 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\Delphi
2018-02-10 17:13 - 2017-01-02 20:03 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\VMware
2018-02-10 17:13 - 2017-01-02 20:03 - 000000000 ____D C:\Users\Fess Laptop\AppData\Local\VMware
2018-02-10 15:59 - 2017-01-02 20:05 - 000000000 ____D C:\Users\Fess Laptop\Documents\Virtual Machines
2018-02-10 13:48 - 2016-12-29 15:04 - 000000000 ____D C:\Users\Fess Laptop\.VirtualBox
2018-02-09 12:09 - 2016-12-29 15:05 - 000000000 ____D C:\Users\Fess Laptop\VirtualBox VMs
2018-02-08 22:51 - 2018-02-03 13:20 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-02-08 22:49 - 2017-06-05 22:53 - 000002285 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-08 22:49 - 2017-06-05 22:53 - 000002255 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2018-02-08 12:00 - 2016-11-01 20:23 - 000001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-02-08 12:00 - 2016-11-01 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-02-08 11:45 - 2017-12-24 14:05 - 000000000 ____D C:\Users\Fess Laptop\AppData\Roaming\TunnelBear
2018-02-08 11:39 - 2016-10-26 14:24 - 000000000 ____D C:\Users\Fess Laptop\Movies
2018-02-08 11:28 - 2017-01-23 16:39 - 000000000 ____D C:\Program Files\Google
2018-02-08 11:27 - 2018-02-04 18:53 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-02-07 23:09 - 2016-10-25 15:32 - 000503584 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-07 10:51 - 2017-06-18 12:01 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 10:50 - 2017-06-18 12:01 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 10:50 - 2017-06-18 12:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 10:50 - 2017-06-18 12:01 - 000004490 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-07 10:50 - 2017-06-18 12:01 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-07 10:50 - 2017-01-23 18:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-11-28 18:21 - 2017-11-28 18:22 - 063849440 _____ () C:\Users\Fess Laptop\WDMyCloud_win.exe
2017-06-06 21:24 - 2017-06-06 21:25 - 000038755 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2018-03-09 14:41 - 2018-03-06 21:23 - 000139264 _____ () C:\Users\Fess Laptop\AppData\Local\inde.exe

Some files in TEMP:
====================
2018-03-09 00:26 - 2016-03-12 00:32 - 008883200 _____ () C:\Users\Fess Laptop\AppData\Local\Temp\drivers.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-22 18:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Fess Laptop (09-03-2018 17:43:20)
Running from C:\Users\Fess Laptop\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-10-25 16:47:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1423214336-1649143779-1014254708-500 - Administrator - Disabled)
Fess Laptop (S-1-5-21-1423214336-1649143779-1014254708-1001 - Administrator - Enabled) => C:\Users\Fess Laptop
Guest (S-1-5-21-1423214336-1649143779-1014254708-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1423214336-1649143779-1014254708-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 18.01 (HKLM-x32\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Calibration (HKLM-x32\...\{097FE1B7-B186-426B-A4EC-D1D9D21D3099}) (Version: 81.00.200 - Ford Motor Company)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.12.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MB2000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MB2000_series) (Version: 1.04 - Canon Inc.)
Canon MB2000 series On-screen Manual (HKLM-x32\...\Canon MB2000 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MB2000 series User Registration (HKLM-x32\...\Canon MB2000 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CMS (HKLM-x32\...\CMS) (Version: - )
CodeMeter Runtime Kit v6.30d (HKLM\...\{EFABD31A-4D79-42E2-9C26-68B85C43EC85}) (Version: 6.30.2280.504 - WIBU-SYSTEMS AG)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
Dell System Detect (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell System Detect (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
E-Channelizer (HKLM-x32\...\{4105676b-6819-4de3-bf7c-08b1a4bf7aae}) (Version: 4.0.1.5000 - Sayyid A.)
E-Channelizer (HKLM-x32\...\{BE504786-CB4D-4804-9F69-B8DCCCB1C72F}) (Version: 4.0.1.5000 - Sayyid A.) Hidden
FileZilla Client 3.25.1 (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FileZilla Client 3.25.1 (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
Ford Motor Company VCM II Customer Flight Recorder (HKLM-x32\...\{E19BCDA3-0FE2-40EE-91DF-4A26E7798F60}) (Version: 1.0.191 - Ford Motor Company)
FORScan version 2.3.12.beta (HKLM-x32\...\{63310483-6490-44CD-B351-8F66C2923070}_is1) (Version: 2.3.12.beta - Alexey Savin)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.33.213 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{7464D896-C63C-412E-8ED3-3261C9F14E21}) (Version: 7.0.1.210 - Apple Inc.)
IDS (HKLM-x32\...\{5A157231-A3CC-4E7D-BCF9-9C1FDEF88D02}) (Version: 86.000.200 - Ford Motor Company) Hidden
IDS (HKLM-x32\...\{91DE1A85-7350-458A-B674-D7C8F3476299}) (Version: 86.010.200 - Ford Motor Company)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.3.0.13 - IObit)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{A7186CCF-A94A-4BB3-A38D-DEDC70C66A53}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
K-Lite Codec Pack 12.4.4 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.4.4 - KLCP)
Kodi (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\...\Kodi) (Version: - XBMC-Foundation)
Kodi (HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\...\Kodi) (Version: - XBMC-Foundation)
Lowvel Formatter (HKLM\...\{A1DF8D4D-1782-4566-AA29-8BFF5391719C}_is1) (Version: - Recovridis Ltd)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Report Viewer 2015 Runtime (HKLM-x32\...\{3ECE8FC7-7020-4756-A71C-C345D4725B77}) (Version: 12.0.2402.15 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-GB)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-GB)) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PTSTroubleShooter (HKLM-x32\...\{6380DCEC-15C2-4BBF-99C2-CEFFDCC08147}) (Version: 1.1.1 - Ford Motor Company)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Samsung Tool PRO 24.3 (HKLM-x32\...\44676886-FD7F-4C53-B188-BC86EED9BBC1_is1) (Version: - z3x-team)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
TomTom MyDrive Connect 4.1.4.3089 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.4.3089 - TomTom)
TorrentRover v1.2.7 (HKLM-x32\...\{83398D66-292C-4FFF-8505-7675D9207EE0}) (Version: 1.2.7 - John Loper II (All Rights Reserved))
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
VideoClient Plugin 2,6,12,52 (HKLM-x32\...\VideoClient Plugin) (Version: 2,6,12,52 - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2018-01-28] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-09-18] (Apple Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2018-01-28] (AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2018-01-28] (AO Kaspersky Lab)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-12-18] (Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2018-01-28] (AO Kaspersky Lab)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05EE0A3B-0C91-49B2-9D0F-6D0C3DCDEA88} - System32\Tasks\tsdataset devlin playlistsdataset devlin playlists => C:\Users\Fess Laptop\AppData\Local\inde.exe [2018-03-06] ()
Task: {0C0E32E5-3DC1-4F97-8C05-25BFB2B0E4D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {0C5AD80B-FDCF-421A-BEB0-B55439ECCDB7} - System32\Tasks\tswarms_voorhieswarms_voorhies => C:\Users\Fess Laptop\AppData\Local\commune.exe
Task: {1D334789-A1F4-4490-B85E-9A16E60A606D} - System32\Tasks\F091FC88-B51A-5C3E-983B-6B163A146B38 => C:\Windows\SysWOW64\regsvr32.exe /n /s /i:"/1279f40c8dd96c02 /q" "C:\Users\FESSLA~1\AppData\Local\0E5183~1\{75713~1."
Task: {20431091-6FD1-4154-8523-375A4E53704D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {288B56C7-9471-4F98-ACD5-F0A895CD9686} - System32\Tasks\tshaugen kafkaesquehaugen kafkaesque => C:\Program Files (x86)\Stevie\commune.exe
Task: {357112C6-8F18-4897-BF8A-4F3D104BE58A} - System32\Tasks\burbank => C:\Program Files (x86)\Bankrupting\inde.exe
Task: {3BE0D3BB-432E-46E7-93FC-D3355A68BD85} - System32\Tasks\tsburbankburbank => C:\Program Files (x86)\Bankrupting\inde.exe
Task: {3E4561CF-DD6B-4638-B249-7FF6AF7688A4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {404B5E40-2417-4785-9A3D-4130CD7777EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {410E72AE-4B1A-4E65-AFFF-2EC2AC9BCDBA} - System32\Tasks\tsbushedbushed => C:\Program Files (x86)\bodice\bodice.exe
Task: {4265F18C-DB19-4107-9923-CC3933B4E270} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {44E7FA71-EBC5-4641-BF4D-AF054B9488D8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-01-28] (AO Kaspersky Lab)
Task: {49E75E42-09BD-4FF9-B5B5-E9EB3F483B8F} - System32\Tasks\ganeurotics uzisneurotics uzis => C:\Program Files (x86)\Antigua\intifadah.exe
Task: {4A34B856-A906-48E7-953B-34C7168478E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {4F9BCAB8-8CCF-4A06-BCEE-70C0088CCA50} - System32\Tasks\dataset devlin playlists => C:\Users\Fess Laptop\AppData\Local\inde.exe [2018-03-06] ()
Task: {5CA6113A-17A6-4008-9F66-51FCE390902A} - System32\Tasks\neurotics uzis => C:\Program Files (x86)\Antigua\intifadah.exe
Task: {5D8B0F19-F5C4-4051-B3E0-7F501DF5DD93} - System32\Tasks\AdobeGCInvoker-1.0-FessLaptop-Fess Laptop => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {61DD6D04-4D7D-41B5-ABC7-23115EF1951C} - System32\Tasks\gascrubscrub => C:\Program Files (x86)\leesburg\leesburg.exe
Task: {63893E46-03CF-4049-B825-F93702FE9152} - System32\Tasks\warms_voorhies => C:\Users\Fess Laptop\AppData\Local\commune.exe
Task: {666723DC-9A01-459E-9F55-19B50E9391B3} - System32\Tasks\asher-reasearch => C:\Program Files (x86)\specifics\commune.exe
Task: {6FE8A6CC-2AA5-4DA3-B63A-0310734E0D15} - System32\Tasks\gaembolus_manipulatorsembolus_manipulators => C:\Users\Fess Laptop\AppData\Local\intifadah.exe
Task: {71F630E0-98A3-4E7C-AA52-C9188030D08F} - System32\Tasks\gaimprovised-kaylieimprovised-kaylie => C:\Program Files (x86)\litany\intifadah.exe
Task: {75C60220-0135-4C22-B425-6C3C7F9E8DD3} - System32\Tasks\scrub => C:\Program Files (x86)\leesburg\leesburg.exe
Task: {778DAA32-999F-4A41-811A-63CA5163CF06} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {83668C4E-9171-457F-8B36-BE3CED06E71C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {8A416CCD-A385-4782-A400-847C818A7304} - System32\Tasks\tsfederate_severlyfederate_severly => C:\Program Files (x86)\Stevie\inde.exe
Task: {8CE5266A-9845-40EB-93A0-8767FE9624A2} - System32\Tasks\gaabnormally brassieres oabnormally brassieres o => C:\Users\Fess Laptop\AppData\Local\elixir.exe
Task: {9F1CCAF4-14C0-40D2-8870-28A6F55DC66D} - System32\Tasks\gachlorinechlorine => C:\Program Files (x86)\Archambault\elixir.exe
Task: {A54F0212-32A2-43AB-A497-84CF782E97FA} - System32\Tasks\tsasher-reasearchasher-reasearch => C:\Program Files (x86)\specifics\commune.exe
Task: {A70E4013-D9DA-4C34-A8E5-8D0243CA227F} - System32\Tasks\gacaro_banjocaro_banjo => C:\Program Files (x86)\Antigua\elixir.exe
Task: {BB7A566B-2064-461E-884F-66AF91D4CF45} - System32\Tasks\AdobeAAMUpdater-1.0-FessLaptop-Fess Laptop => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {BCB19B3B-19E7-4C80-954C-1FA7CBFA2E25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {C2BB0DC5-6111-4C71-B69B-CD6C048B614F} - System32\Tasks\embolus_manipulators => C:\Users\Fess Laptop\AppData\Local\intifadah.exe
Task: {C6540865-DBEF-4D19-8C56-863AF1932F81} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C9D20C22-940B-4F58-958E-EE19AD4B100B} - System32\Tasks\abnormally brassieres o => C:\Users\Fess Laptop\AppData\Local\elixir.exe
Task: {CCC2498E-0478-48F4-BBBF-DF611EFF2254} - System32\Tasks\chlorine => C:\Program Files (x86)\Archambault\elixir.exe
Task: {D5D8926E-0255-43CC-9863-709A44642AFB} - System32\Tasks\bushed => C:\Program Files (x86)\bodice\bodice.exe
Task: {DF8A21AD-19BE-49B2-B606-9C8815BD6417} - System32\Tasks\federate_severly => C:\Program Files (x86)\Stevie\inde.exe
Task: {DFF62D69-73F9-4668-B0B8-51C900118395} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-10-10] ()
Task: {EDD8EE4E-FED4-480F-AA84-06C8962C0467} - System32\Tasks\improvised-kaylie => C:\Program Files (x86)\litany\intifadah.exe
Task: {F647367A-D7DD-477A-AD8A-EDE3EB0673D0} - System32\Tasks\haugen kafkaesque => C:\Program Files (x86)\Stevie\commune.exe
Task: {FB6BC5A5-9F9C-41CD-81FC-26076D408138} - System32\Tasks\caro_banjo => C:\Program Files (x86)\Antigua\elixir.exe
Task: {FC730941-3B26-4ECB-8D3C-B5C2583C9C92} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-10-25 18:01 - 2013-06-28 14:28 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-03-20 15:44 - 2017-03-20 15:44 - 000052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-10-25 12:20 - 2015-12-18 12:22 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-09 14:41 - 2018-03-06 21:23 - 000139264 _____ () C:\Users\Fess Laptop\AppData\Local\inde.exe
2016-04-14 17:16 - 2016-04-14 17:16 - 012471368 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2018-02-28 11:26 - 2018-02-22 03:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-28 11:26 - 2018-02-22 03:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-03-09 17:30 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-09 17:30 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-28 14:33 - 2018-01-28 14:33 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\kpcengine.2.3.dll
2017-03-18 17:16 - 2017-02-09 15:54 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-03-18 17:17 - 2017-02-09 15:54 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-03-18 17:17 - 2017-02-09 15:54 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-03-18 17:17 - 2017-02-09 15:54 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 001309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2018-03-09 14:56 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-03-09 14:56 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-03-09 14:56 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-03-09 14:57 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-03-09 14:56 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-03-09 14:56 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2016-11-15 05:27 - 2016-11-15 05:27 - 008911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtexisLicensing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2_x64 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1423214336-1649143779-1014254708-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1423214336-1649143779-1014254708-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173209069\Control Panel\Desktop\\Wallpaper -> C:\Users\Fess Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1423214336-1649143779-1014254708-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092018173210158\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F56EAE96-BB79-41DE-8BF9-5BCD83FF3E48}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2EE91B2-88D7-4C54-B59A-DE08A265CC79}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B572B799-23B0-491D-88B8-9A13CEA1CDFA}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9B89B9A1-87C8-4B6A-BF84-273FB333DC2E}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48E71FB4-154A-4B72-813E-45C05883EBEA}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3D533E90-5477-40BA-9A2D-C92B6F1C167A}] => (Allow) C:\Users\Fess Laptop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{08E1934E-453F-40EF-A8B2-D8FA7880466F}E:\android\jre\bin\java.exe] => (Allow) E:\android\jre\bin\java.exe
FirewallRules: [UDP Query User{0C7EB072-A37E-4CD9-9D34-AB60745633A3}E:\android\jre\bin\java.exe] => (Allow) E:\android\jre\bin\java.exe
FirewallRules: [{C1C711A3-713E-4D28-AB74-6892B51B229D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{68EC9F88-0B19-42C9-B36E-A48A79F17CB7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{4BB57611-57D1-4783-9E1F-7568CB4FCFA2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{806051D0-615E-4A3E-98F5-5AD9EFBB8F6F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{EF67D0D3-34D3-48E3-B212-54EA44401998}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{5C4AAD88-B820-48EB-BC9D-23AF557E1068}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{AB21771C-AA50-449A-A552-C000B539DD73}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{32CBC69C-B990-4512-9618-73FDD5CA32A2}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{8D3AE3E6-315B-44AE-85BF-06EB321D0BCA}] => (Allow) C:\Users\Fess Laptop\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{1941A019-7E31-4BEE-8714-EF0718C892A1}] => (Allow) C:\Users\Fess Laptop\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{3B02A26C-996B-473F-9CD7-7848DE39BAE9}] => (Allow) C:\Users\Fess Laptop\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{6D4400FD-F60B-467D-847A-1BB8F5D9A059}] => (Allow) C:\Users\Fess Laptop\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{A1AFA8B5-A6ED-49FF-A8A1-73411D7C8024}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{95E42ADD-483C-45F0-AB6A-83525411920F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{CD7C0039-809D-4AA3-861D-36F414588E05}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{AA24612F-5B27-40B5-BA50-E60D8F4DFD09}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{34702882-2C4E-4509-BB15-B8216840DBAB}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [{99E50C12-E702-44CB-AFAD-C8E2A158F298}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{40271599-8FA1-4BE1-98E9-72588D1F446E}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{B2330C0E-264B-477D-B446-3B4A2EDF9E81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDF3A559-ACC0-47A6-B099-12FBA4C5B9D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{43FF3750-DCF1-4D1B-B811-CDF6E23D41BA}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{02364E36-7C3B-4BC2-8B0D-C2A48E64A9EF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{FBE71D6F-B29B-4AA9-A2AE-8D6AF80275EF}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\Tabman.exe
FirewallRules: [{A93BE4FF-C594-4883-910E-58E30598C74C}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\syspage.exe
FirewallRules: [{5C518412-B20E-4383-8586-59F74F1368AE}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\Testman.exe
FirewallRules: [{FB738458-BB4A-4EB3-BF5A-43B62AF8CDB8}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\CodeServeD.exe
FirewallRules: [{5CE615F6-C704-4609-AA39-59EC11D6FD70}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
FirewallRules: [{F0541D50-C08F-4014-98AA-FF78009A0D79}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
FirewallRules: [{8766A305-C2C7-4635-ADDC-2F9F543691B4}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\SWUpdWizard.exe
FirewallRules: [{BB217AB4-A263-412E-812B-1BEC421DD000}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\PtchApply.exe
FirewallRules: [{BDDD5847-D98A-452B-AFF9-F4E4453CF9CA}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\RTDB.exe
FirewallRules: [{F899280D-3149-4616-BB74-8803A7C3B199}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\Starburst.exe
FirewallRules: [{23E9A33D-AA61-4C02-9F21-36C32806AAC2}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe
FirewallRules: [{F3BAA25E-74A4-4880-925C-839CD0FCB53C}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\SystemDiagnostic.exe
FirewallRules: [{18BB5413-2F3F-4644-99AE-EEFD829F70CA}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\VMM.exe
FirewallRules: [{4132379D-C1DD-4456-A71A-382B97A28C36}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C402.exe
FirewallRules: [{9A6B8365-8DA4-44F0-95D6-A1D02E17E629}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C403.exe
FirewallRules: [{A18E7E78-8FB9-478A-9B09-76F00131CB95}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C404.exe
FirewallRules: [{2A5B4A19-3440-431B-87FE-F722895EF994}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C407.exe
FirewallRules: [{15055823-85C6-4557-B96B-1890174E1373}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C412.exe
FirewallRules: [{AB692F62-23B2-4FF7-8123-C67BD8286B11}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C413.exe
FirewallRules: [{51C30E27-4330-4C4E-A461-4023E4EB6B2B}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\LVPCheck.exe
FirewallRules: [{A7A773AA-F793-49DC-B5C9-6F8A53B5D693}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\vcl_pc.exe
FirewallRules: [{B57B9C8B-33B1-4553-86D6-CD31BB67ECF7}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\NetworkActivation.exe
FirewallRules: [{8C1F8271-20B6-4528-A7B0-2B1834949DDA}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\DetectionManager.exe
FirewallRules: [{072D2B98-2E6C-4CCA-8CED-95E7A84C5A92}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\probes\C418.exe
FirewallRules: [{E63D3109-0746-4260-964E-A72627B515A0}] => (Allow) F:\Program Files (x86)\Ford Motor Company\IDS\Runtime\VCM2.exe
FirewallRules: [TCP Query User{EFE304DB-682C-4C42-B6C3-CBC8FE989445}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{521F8DC0-6DB1-467B-9407-88A3C2E0CE09}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{DEB12322-5BDE-4D34-80D7-6E8F7D458C61}] => (Allow) C:\Program Files (x86)\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
FirewallRules: [TCP Query User{E1A84204-ED0C-4DFD-A966-8ED89266FEE9}C:\program files (x86)\ford motor company\ids\runtime\testman.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\testman.exe
FirewallRules: [UDP Query User{3971D8C1-0132-47A4-9C0F-E45D67A57367}C:\program files (x86)\ford motor company\ids\runtime\testman.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\testman.exe
FirewallRules: [TCP Query User{2C38EA26-BAD0-4E07-9C1D-30D0707FFB25}C:\program files (x86)\ford motor company\ids\runtime\vcl_pc.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\vcl_pc.exe
FirewallRules: [UDP Query User{AB61F7B9-167F-4B84-8923-D609E5A09A58}C:\program files (x86)\ford motor company\ids\runtime\vcl_pc.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\vcl_pc.exe
FirewallRules: [TCP Query User{2F102DA1-6185-4A65-B2D2-DE34995E9437}C:\program files (x86)\ford motor company\ids\runtime\vcm2.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\vcm2.exe
FirewallRules: [UDP Query User{E276745B-DC96-414D-BF71-3431D3162189}C:\program files (x86)\ford motor company\ids\runtime\vcm2.exe] => (Allow) C:\program files (x86)\ford motor company\ids\runtime\vcm2.exe
FirewallRules: [{E48892DC-4E4B-4550-8311-8CC6832CFAD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34A589DF-3ED1-4EA5-87DA-AC7AC1E914F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8565AD21-3AD1-4750-86A4-B5FBDE74D22F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{58739D77-193C-49A6-B5CF-BF17E419696D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1EBA6E8B-E15B-421A-848F-4DD0D26B3D68}C:\program files\java\jre1.8.0_144\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\jp2launcher.exe
FirewallRules: [UDP Query User{68373844-15B6-4BDA-96EA-F5D5392A029F}C:\program files\java\jre1.8.0_144\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\jp2launcher.exe
FirewallRules: [TCP Query User{B3158E3F-4466-4118-B485-2967E7CD3B36}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{1D181851-86A2-4AA7-9466-757DF3D5AFDB}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [{09217A87-87A4-4C20-971D-5824051B20AF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52DE9A5D-A1F6-4D3E-BDCF-C324ACE417EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1D054823-326F-40D5-B6B8-A7E3AD33C21F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51BC2653-F25C-4249-9D5F-D8C6401497D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7968D706-8924-472D-912C-9C67B9038C52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AAE04E93-38C9-4712-AF88-B67DFEA7D62E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CFD143B8-A512-4ACC-B3C5-1E30A0471278}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3DF8BB3-2CE1-495D-971C-DF5D24F68098}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{873DA049-9AA6-4635-A17C-B74046DDB1E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{BF0E8A47-BD02-49A7-AD99-748963856E15}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [UDP Query User{FA20FBAE-AA2D-4218-8E45-AACACED1CE8A}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
FirewallRules: [{8E3E9C9F-8396-41FF-B556-0AE9CAA26B00}] => (Allow) C:\Program Files (x86)\Archambault\elixir.exe
FirewallRules: [{D7CCCF79-6415-4909-982A-1A896EF57B67}] => (Allow) C:\Program Files (x86)\Antigua\elixir.exe
FirewallRules: [{54E600B7-9B7D-4C0F-AD36-89D1FA617E2F}] => (Allow) C:\Program Files (x86)\litany\intifadah.exe
FirewallRules: [{0A58BC98-0C22-48F2-9144-25983D6EBD22}] => (Allow) C:\Program Files (x86)\Antigua\intifadah.exe
FirewallRules: [{87FE9B0A-786B-465E-9CBB-788E2C75D9C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E719FB27-51CE-42E1-B0E2-CFBA93163AB7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{86D5A54A-8AB1-4811-9EE5-29E8362707BC}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{E02D09CA-03AE-48AB-9051-203EBA6B4A27}] => (Allow) C:\Program Files (x86)\Bankrupting\inde.exe
FirewallRules: [{58FE70D8-BB9A-4CC7-95F0-9A2DA26B6C79}] => (Allow) C:\Program Files (x86)\Stevie\inde.exe
FirewallRules: [{2BCEC3DD-C3ED-4678-869B-57AC3445951C}] => (Allow) C:\Program Files (x86)\specifics\commune.exe
FirewallRules: [{D32BF6B7-B99D-49FB-A2E7-6E7002853663}] => (Allow) C:\Program Files (x86)\Stevie\commune.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

28-02-2018 12:07:32 Installed Windows 7 USB/DVD Download Tool
01-03-2018 19:49:45 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
01-03-2018 19:49:59 Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
01-03-2018 19:50:38 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
01-03-2018 19:50:58 Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
01-03-2018 19:51:34 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
01-03-2018 19:57:14 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-03-2018 21:17:29 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-03-2018 16:58:32 Installed TorrentRover v1.2.7
09-03-2018 17:22:13 Microsoft Visual Studio Community 2015 with Updates

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2018 02:51:35 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/09/2018 02:35:39 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/09/2018 02:30:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Fess Laptop\Downloads\HitmanPro_x64.exe Laptop\Downloads\HitmanPro_x64.exe" ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (03/09/2018 02:30:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Fess Laptop\Downloads\HitmanPro_x64.exe Laptop\Downloads\HitmanPro_x64.exe" ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (03/09/2018 11:48:07 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/09/2018 11:48:07 AM) (Source: Application) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/09/2018 12:50:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5195

Error: (03/09/2018 12:50:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5195


System errors:
=============
Error: (03/09/2018 04:54:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:54:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:54:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:53:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:53:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:53:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:53:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/09/2018 04:53:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 27%
Total physical RAM: 16266.63 MB
Available physical RAM: 11825.86 MB
Total Virtual: 32531.45 MB
Available Virtual: 27512.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:831.32 GB) (Free:693.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:25 GB) (Free:13.3 GB) NTFS
Drive f: () (Fixed) (Total:25 GB) (Free:21.49 GB) NTFS
Drive g: () (Fixed) (Total:25.05 GB) (Free:17.85 GB) NTFS
Drive h: () (Fixed) (Total:25.05 GB) (Free:24.7 GB) NTFS
Drive i: () (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BB8F0F7D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Active) - (Size=831.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=75.1 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================



Edited by Oh My!, 10 March 2018 - 07:32 PM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • Gender:Male
  • Location:California
  • Local time:07:48 PM

Posted 10 March 2018 - 07:31 PM

Greetings fess12 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run this program for me.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ckfiles

Edited by Oh My!, 10 March 2018 - 08:32 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 13 March 2018 - 09:23 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Oh My!


Posted 15 March 2018 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



