extension.citypage.today (plus ?) Virus/Rootkit Removal Help


  • This topic is locked
26 replies to this topic

#1 thefamousmred


Posted 23 March 2018 - 05:58 PM

I noticed IE getting an unwanted redirect of search requests to extension.citypage.today and also 100% disk activity all the time. At first I was able to run Malwarebytes, which cleaned up some things, but the redirect kept coming back. Now Malwarebytes will no longer run, with a "service unavailable" error in regular or safe mode. Also, GMER and PC Hunter won't run. Thanks for any help!

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by netdisk (administrator) on WIN10TEST (23-03-2018 15:10:35)
Running from C:\Users\netdisk\Downloads
Loaded Profiles: netdisk (Available Profiles: netdisk & Daniel & visitor & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\msapibhsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
() C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\netdisk\AppData\Local\upsciml\upsciml.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Users\netdisk\AppData\Local\wmcagent\wmcagent.exe
() C:\Users\netdisk\AppData\Local\wmcagent\wmcagent.exe
() C:\Users\netdisk\AppData\Local\wmcagent\wmcagent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_16ec1d963212a637\TiWorker.exe
() C:\Users\netdisk\AppData\Local\upsciml\iacdkvb.exe
() C:\Users\netdisk\AppData\Local\upsciml\iacdkvb.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [hpbdfawep] => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\GoToAssist Remote Support Customer\1575\g2ax_winlogonx64.dll [X]
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Run: [Dropbox Update] => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Run: [Google Update] => C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Policies\system: [EnableLUA] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2445136535-42582293-1619217398-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1717725a-f6ec-4ee0-b65e-8f9889af2bb5}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-02] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-02] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\netdisk\AppData\Roaming\TomTom\HOME\Profiles\779d1o9j.default [2011-12-06]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default [2018-03-23]
FF Homepage: Mozilla\Firefox\Profiles\s53l1cxy.default -> hxxp://www.google.com/
FF Extension: (Adblock Plus) - C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default\features\{41c199bc-d2da-417d-b90f-07aa8c1fc74f}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\netdisk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @talk.google.com/O1DPlugin -> C:\Users\netdisk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @tools.google.com/Google Update;version=3 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @tools.google.com/Google Update;version=9 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\netdisk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.69\npGatewayNpapi.dll [2016-07-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\netdisk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.69\npGatewayNpapi-x64.dll [2016-07-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-10-03] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-02-26]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Adblock Plus) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\klgpmctx <==== ATTENTION (Rootkit!)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1575\g2ax_service.exe [614368 2017-12-13] (LogMeIn, Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-02] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
S3 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 UDPLogger; C:\Program Files (x86)\Talkswitch\UDPLogger\UDPLogger.exe [188416 2012-06-01] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 DrvSnSht; C:\Program Files (x86)\Drive Image\DrvSnSht64.sys [132432 2010-05-31] (R-TT Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-23] (Malwarebytes)
S3 mv2; C:\WINDOWS\System32\DRIVERS\mv2.sys [12904 2011-04-29] (UVNC BVBA)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 R-ImageDisk; C:\Program Files (x86)\Drive Image\R-ImageDisk64.sys [181840 2013-01-15] (R-TT Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S4 vdfcgq; C:\WINDOWS\System32\drivers\uqjwepm.sys [79064 2018-03-02] (Malwarebytes Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-19] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 twadgj; system32\drivers\zdgjmq.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 15:10 - 2018-03-23 15:12 - 000024556 _____ C:\Users\netdisk\Downloads\FRST.txt
2018-03-23 14:54 - 2018-03-23 15:06 - 000026522 _____ C:\Users\netdisk\Downloads\Fixlog.txt
2018-03-23 14:53 - 2018-03-23 15:10 - 000000000 ____D C:\FRST
2018-03-23 14:52 - 2018-03-23 14:52 - 002403328 _____ (Farbar) C:\Users\netdisk\Downloads\FRST64.exe
2018-03-23 14:38 - 2018-03-23 14:38 - 000145232 ____N C:\WINDOWS\system32\Drivers\wimbehlo.sys
2018-03-23 13:20 - 2018-03-23 14:33 - 000000000 ____D C:\Users\netdisk\Downloads\PCHunter_free
2018-03-23 13:17 - 2018-03-23 13:17 - 005908597 _____ C:\Users\netdisk\Downloads\PCHunter_free.zip
2018-03-23 12:48 - 2016-03-11 14:53 - 000380928 _____ C:\Users\netdisk\Downloads\gmer.exe
2018-03-23 12:42 - 2018-03-23 14:37 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-23 12:35 - 2018-03-23 12:35 - 000000000 ____D C:\WINDOWS\pss
2018-03-23 12:10 - 2018-03-23 12:10 - 005908597 _____ C:\Users\netdisk\Downloads\xPCHunter_free.zip
2018-03-23 11:54 - 2018-03-23 12:24 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-23 11:35 - 2016-03-11 14:53 - 000380928 _____ C:\Users\netdisk\Downloads\xxgmr.exe
2018-03-23 11:34 - 2018-03-23 11:34 - 000371282 _____ C:\Users\netdisk\Downloads\gmer.zip
2018-03-23 11:23 - 2018-03-23 11:23 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-23 11:23 - 2018-03-23 11:23 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-23 11:23 - 2018-03-23 11:23 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-23 11:23 - 2018-03-23 11:23 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-23 11:23 - 2018-03-23 11:23 - 000001949 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-23 11:23 - 2018-03-23 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-23 11:23 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-23 11:21 - 2018-03-23 11:22 - 071191456 _____ (Malwarebytes ) C:\Users\netdisk\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4446.exe
2018-03-23 10:08 - 2018-03-23 10:09 - 000000000 ____D C:\Users\netdisk\AppData\Local\wmcagent
2018-03-19 16:23 - 2018-03-23 10:31 - 000000352 _____ C:\WINDOWS\Tasks\HP WEP.job
2018-03-19 16:23 - 2018-03-23 07:52 - 000002980 _____ C:\WINDOWS\System32\Tasks\HP WEP
2018-03-19 14:00 - 2018-03-19 14:00 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3415F343.sys
2018-03-19 13:59 - 2018-03-19 14:37 - 000000000 ____D C:\Users\netdisk\Desktop\mbar
2018-03-19 13:59 - 2018-03-19 14:37 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-19 13:59 - 2018-03-19 13:59 - 014178840 _____ (Malwarebytes Corp.) C:\Users\netdisk\Downloads\mbar-1.10.3.1001.exe
2018-03-19 13:30 - 2018-03-23 14:27 - 000000000 ____D C:\AdwCleaner
2018-03-19 13:26 - 2018-03-19 13:26 - 008222496 _____ (Malwarebytes) C:\Users\netdisk\Downloads\adwcleaner_7.0.8.0.exe
2018-03-19 13:18 - 2018-03-23 15:12 - 000062684 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-19 13:18 - 2018-03-19 13:36 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-19 13:18 - 2018-03-19 13:25 - 000010362 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-19 13:18 - 2018-03-19 13:18 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-03-19 13:18 - 2018-03-19 13:18 - 000000000 ____D C:\Users\netdisk\AppData\Local\Zemana
2018-03-19 13:17 - 2018-03-19 13:17 - 006625600 _____ (Zemana Ltd. ) C:\Users\netdisk\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-19 12:22 - 2018-03-23 11:23 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-19 12:22 - 2018-03-19 12:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-16 16:34 - 2018-03-16 16:34 - 000002412 _____ C:\Users\visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-16 13:34 - 2018-03-16 13:34 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 12:23 - 2018-03-16 12:29 - 257291909 _____ C:\Users\netdisk\Downloads\bc_backup.zip
2018-03-13 16:34 - 2018-03-13 16:34 - 006210560 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-03-12 15:52 - 2018-03-12 15:52 - 000000000 ____D C:\Users\netdisk\Downloads\bc_backup
2018-03-12 12:34 - 2018-03-12 12:34 - 000000000 ___HD C:\$Windows.~WS
2018-03-12 12:34 - 2018-03-12 12:34 - 000000000 ____D C:\$WINDOWS.~BT
2018-03-09 15:07 - 2018-03-09 15:07 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2018-03-09 15:07 - 2018-03-09 15:07 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2018-03-09 12:04 - 2018-03-09 12:04 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-03-09 11:55 - 2018-03-10 19:49 - 000000000 ____D C:\Users\netdisk\AppData\Local\pwnzghb
2018-03-09 10:52 - 2018-03-09 10:52 - 000000000 ____H C:\Users\netdisk\AppData\Local\BITF98D.tmp
2018-03-09 10:51 - 2018-03-09 10:52 - 000000000 _____ C:\Users\netdisk\AppData\Local\{016D8F07-B166-45E8-9C62-C58DE7D1752D}
2018-03-02 10:35 - 2018-03-02 10:35 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\uqjwepm.sys
2018-03-02 10:35 - 2018-03-02 10:35 - 000013986 _____ C:\WINDOWS\system32\bslf
2018-03-01 13:10 - 2018-03-01 13:10 - 000000000 ____D C:\Users\visitor\AppData\LocalLow\Adobe
2018-03-01 13:10 - 2018-03-01 13:10 - 000000000 ____D C:\Users\visitor\AppData\Local\Adobe
2018-02-26 18:00 - 2018-03-23 15:10 - 000000000 ____D C:\Users\netdisk\AppData\Local\upsciml
2018-02-26 18:00 - 2018-02-26 18:00 - 000000000 ____D C:\Users\netdisk\AppData\Local\cgkepoh
2018-02-26 17:58 - 2018-03-23 14:39 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\msapibhsvc.exe
2018-02-26 17:58 - 2018-02-26 17:58 - 000000000 ____D C:\WINDOWS\SysWOW64\dwhkoea
2018-02-26 17:58 - 2018-02-26 17:58 - 000000000 ____D C:\WINDOWS\system32\dwhkoea
2018-02-26 17:58 - 2018-02-26 17:58 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\et
2018-02-26 17:55 - 2018-02-26 17:55 - 000021594 _____ C:\WINDOWS\System32\Tasks\jblr1QhIHqJY
2018-02-26 17:55 - 2018-02-26 17:55 - 000001328 _____ C:\Users\visitor\Desktop\Google Chrome.lnk
2018-02-26 17:55 - 2018-02-26 17:55 - 000001328 _____ C:\Users\netdisk\Desktop\Google Chrome.lnk
2018-02-26 17:52 - 2018-02-26 17:52 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\AGData
2018-02-26 17:51 - 2018-02-26 17:51 - 000000012 ___SH C:\WINDOWS\D99ED13B9B4F
2018-02-26 17:50 - 2018-02-26 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2018-02-26 17:50 - 2018-01-18 16:43 - 000930816 __RSH C:\WINDOWS\flvdec.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 001085624 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLvideo.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000561336 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLsplit.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000263864 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLaudio.dll
2018-02-26 17:50 - 2016-05-05 13:23 - 000000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2018-02-26 17:50 - 2016-05-05 13:22 - 010766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2018-02-26 17:50 - 2016-05-05 13:22 - 001699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2018-02-26 17:50 - 2016-05-05 13:22 - 000188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2018-02-26 17:50 - 2016-05-05 13:22 - 000160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2018-02-26 17:50 - 2014-03-07 13:03 - 000293888 __RSH C:\WINDOWS\SysWOW64\avcodec-lav-1321.dll
2018-02-26 17:50 - 2012-10-05 19:54 - 000188416 __RSH C:\WINDOWS\SysWOW64\winDCE32.dll
2018-02-26 17:50 - 2012-07-11 23:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Olepau32.ax
2018-02-26 17:50 - 2011-06-14 20:05 - 000121344 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.ax
2018-02-26 17:50 - 2011-02-11 12:26 - 000237568 __RSH C:\WINDOWS\SysWOW64\OptimFROG.dll
2018-02-26 17:50 - 2010-01-07 00:00 - 000107520 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.dll
2018-02-26 17:50 - 2009-08-10 23:00 - 000352768 __RSH C:\WINDOWS\SysWOW64\ac3DX.ax
2018-02-26 17:50 - 2005-02-22 17:55 - 000081920 __RSH C:\WINDOWS\SysWOW64\aac_parser.ax
2018-02-26 17:50 - 2004-04-27 16:03 - 000017408 __RSH (RadLight) C:\WINDOWS\SysWOW64\RLOFRDec.ax
2018-02-26 03:17 - 2018-02-26 03:17 - 000047248 _____ C:\WINDOWS\uninstaller.dat
2018-02-24 08:45 - 2018-02-24 08:45 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-02-23 14:11 - 2018-02-23 14:11 - 000000000 ____D C:\Users\netdisk\Documents\Custom Office Templates
2018-02-23 13:33 - 2018-02-23 13:33 - 000002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-23 13:33 - 2018-02-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-02-23 13:17 - 2018-02-23 13:17 - 000000000 ____D C:\Program Files\Microsoft Office 15

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 15:11 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-23 14:48 - 2016-11-23 11:04 - 000000000 ____D C:\Users\netdisk\AppData\LocalLow\Mozilla
2018-03-23 14:43 - 2011-11-18 14:52 - 000000000 ____D C:\Users\netdisk\Documents\Outlook
2018-03-23 14:39 - 2018-02-11 19:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-23 14:39 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-23 14:39 - 2017-06-24 02:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-23 14:38 - 2017-09-29 01:45 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-23 14:35 - 2016-10-03 15:38 - 000000032 _____ C:\Users\netdisk\Desktop\New Text Document.txt
2018-03-23 14:21 - 2018-02-11 19:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-23 12:24 - 2011-03-31 12:32 - 000234480 ____N C:\WINDOWS\Minidump\032318-40406-01.dmp
2018-03-23 12:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-23 11:56 - 2018-02-11 19:18 - 000000000 ____D C:\Users\netdisk
2018-03-23 11:56 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-23 11:54 - 2011-03-31 12:32 - 000221912 ____N C:\WINDOWS\Minidump\032318-41453-01.dmp
2018-03-23 10:59 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-23 10:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-23 10:06 - 2011-07-21 10:53 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 10:06 - 2011-07-21 10:53 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 16:12 - 2018-02-16 12:49 - 000000031 _____ C:\Users\netdisk\Desktop\New Text Document (3).txt
2018-03-19 14:00 - 2015-05-19 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-19 13:24 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-19 13:23 - 2013-11-04 15:08 - 000007592 _____ C:\Users\netdisk\AppData\Local\Resmon.ResmonCfg
2018-03-19 13:16 - 2011-12-06 15:04 - 000000000 ____D C:\Program Files (x86)\TomTom HOME 2
2018-03-19 12:55 - 2018-02-11 19:54 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-19 12:55 - 2016-07-27 09:38 - 000002412 _____ C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 12:54 - 2016-07-27 09:38 - 000000000 ___RD C:\Users\netdisk\OneDrive
2018-03-19 12:47 - 2018-02-11 19:12 - 001092258 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-19 12:41 - 2016-01-25 10:32 - 000000662 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000.job
2018-03-19 12:41 - 2016-01-25 10:32 - 000000566 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000.job
2018-03-19 12:22 - 2015-05-19 12:26 - 000000000 ____D C:\Program Files (x86)\xxMalwarebytes Anti-Malware
2018-03-17 07:13 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-17 07:09 - 2011-11-18 14:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 16:34 - 2018-02-11 19:54 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2445136535-42582293-1619217398-1029
2018-03-16 16:34 - 2017-08-14 16:45 - 000000000 ___RD C:\Users\visitor\OneDrive
2018-03-16 13:36 - 2011-04-15 12:05 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Dropbox
2018-03-16 13:34 - 2013-05-21 10:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-16 13:34 - 2011-07-19 13:48 - 000001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-13 16:34 - 2018-02-11 19:54 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 16:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 16:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-12 12:35 - 2018-02-10 19:16 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-09 12:10 - 2018-02-11 19:54 - 000003820 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-09 12:10 - 2018-02-11 19:54 - 000003724 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-09 12:10 - 2017-07-08 02:14 - 000000000 ____D C:\Users\netdisk\AppData\Local\GoToMeeting
2018-03-09 12:04 - 2018-02-11 19:18 - 000000000 ____D C:\Users\DefaultAppPool
2018-03-09 10:54 - 2013-03-18 09:36 - 000000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleFornetdisk.job
2018-03-08 16:28 - 2018-02-11 19:54 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFornetdisk
2018-03-05 16:49 - 2018-02-11 19:21 - 000000000 ____D C:\Users\netdisk\AppData\Local\Packages
2018-03-02 14:09 - 2018-02-14 18:54 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 14:09 - 2018-02-14 18:54 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 10:40 - 2018-02-11 19:07 - 002181096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-01 13:10 - 2017-08-14 16:39 - 000000000 ____D C:\Users\visitor\AppData\Roaming\Adobe
2018-03-01 11:03 - 2018-02-19 10:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-01 11:02 - 2017-09-29 06:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-02-26 18:06 - 2011-08-29 10:28 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\uTorrent
2018-02-26 17:50 - 2012-02-28 15:58 - 000000000 ____D C:\Program Files (x86)\eRightSoft
2018-02-24 08:54 - 2018-02-11 19:00 - 000000000 ____D C:\Windows.old
2018-02-23 21:31 - 2011-11-30 11:08 - 000000000 ____D C:\Users\netdisk\Shared Files
2018-02-23 15:25 - 2011-03-31 14:52 - 000126872 _____ C:\Users\netdisk\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-23 13:17 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories =======

2013-12-19 10:31 - 2014-11-03 14:29 - 000000132 _____ () C:\Users\netdisk\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-05-09 10:11 - 2011-12-03 08:07 - 000001854 _____ () C:\Users\netdisk\AppData\Roaming\GhostObjGAFix.xml
2012-11-15 15:09 - 2016-07-29 10:16 - 000000600 _____ () C:\Users\netdisk\AppData\Roaming\winscp.rnd
2018-03-09 10:52 - 2018-03-09 10:52 - 000000000 ____H () C:\Users\netdisk\AppData\Local\BITF98D.tmp
2013-05-21 13:30 - 2012-11-23 05:54 - 000196608 _____ () C:\Users\netdisk\AppData\Local\common_functions.dll
2012-01-16 12:32 - 2012-01-16 12:40 - 000000080 _____ () C:\Users\netdisk\AppData\Local\CrystalDiskMark30.ini
2012-11-23 05:54 - 2012-11-23 05:54 - 000114688 _____ () C:\Users\netdisk\AppData\Local\ie_runner_app.exe
2013-05-21 13:30 - 2012-06-26 03:59 - 000940544 _____ (Apache Software Foundation) C:\Users\netdisk\AppData\Local\log4cxx.dll
2013-01-21 11:25 - 2017-08-07 16:01 - 000000600 _____ () C:\Users\netdisk\AppData\Local\PUTTY.RND
2013-11-04 15:08 - 2018-03-19 13:23 - 000007592 _____ () C:\Users\netdisk\AppData\Local\Resmon.ResmonCfg
2016-01-13 18:05 - 2016-01-13 18:05 - 000001352 _____ () C:\Users\netdisk\AppData\Local\UTS.zip
2018-03-09 10:51 - 2018-03-09 10:52 - 000000000 _____ () C:\Users\netdisk\AppData\Local\{016D8F07-B166-45E8-9C62-C58DE7D1752D}

Some files in TEMP:
====================
2018-03-09 10:51 - 2018-03-09 10:51 - 000000000 _____ () C:\Users\netdisk\AppData\Local\Temp\GUR2FA0.exe
2018-03-09 10:51 - 2018-03-09 10:51 - 000000000 _____ () C:\Users\netdisk\AppData\Local\Temp\GURB897.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wimbehlo.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-03-13 22:54

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by netdisk (23-03-2018 15:12:59)
Running from C:\Users\netdisk\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-12 02:56:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2445136535-42582293-1619217398-500 - Administrator - Disabled)
Daniel (S-1-5-21-2445136535-42582293-1619217398-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-2445136535-42582293-1619217398-503 - Limited - Disabled)
Guest (S-1-5-21-2445136535-42582293-1619217398-501 - Limited - Disabled) => C:\Users\Guest
netdisk (S-1-5-21-2445136535-42582293-1619217398-1000 - Administrator - Enabled) => C:\Users\netdisk
rhian (S-1-5-21-2445136535-42582293-1619217398-1028 - Limited - Disabled)
thecr (S-1-5-21-2445136535-42582293-1619217398-1027 - Limited - Disabled)
visitor (S-1-5-21-2445136535-42582293-1619217398-1029 - Limited - Enabled) => C:\Users\visitor
WDAGUtilityAccount (S-1-5-21-2445136535-42582293-1619217398-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Attribute Changer 7.10g (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10g - Romain Petges)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2003647742.48.56.34082162 - Audible, Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BB FlashBack Express 5 (HKLM-x32\...\BB FlashBack Express 5) (Version: 5.10.0.3715 - Blueberry)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Classic PhoneTools (HKLM-x32\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 9.00 - Avanquest software)
CrystalDiskMark 3.0.2e (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy Macro Recorder 4.6 (HKLM-x32\...\Easy Macro Recorder_is1) (Version:  - GoldSolution Software, Inc.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Getif 2.3.1 (HKLM-x32\...\Getif 2.3.1) (Version:  - )
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToAssist Customer 4.3.0.1575 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.3.0.1575 - LogMeIn, Inc.)
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version:  - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPCarePackCore (HKLM-x32\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (HKLM-x32\...\{F3A52623-4890-415D-A43A-F71A3A39C273}) (Version: 2.0.0.1 - HP) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
ID3 Tag Editor 1.0 (HKLM-x32\...\{671DC096-9262-4943-A3D8-ED8A757B60D5}_is1) (Version:  - ID3TagEditor.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
MakeitOne - MP3AlbumMaker (HKLM-x32\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MediaInfo 0.7.53 (HKLM\...\MediaInfo) (Version: 0.7.53 - MediaArea.net)
Metrologic Optimus WQHL USB Driver (Driver Removal) (HKLM-x32\...\OPT_COMM&10C4&EA60) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.2 (x86 en-US)) (Version: 17.0.2 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\WT089299) (Version: 2.2.0.95 - WildTangent) Hidden
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OpenSSL 1.0.1e Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerSNMP Free Manager (HKLM-x32\...\{75332D2F-365B-4337-96B1-129619B8A304}) (Version: 0.9.7 - Dart Communications)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
QuickBooks (HKLM-x32\...\{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}) (Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2014 (HKLM-x32\...\{46984AEC-E137-4567-8A1A-8BC71862611F}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
R-Drive Image 5.1 (HKLM-x32\...\R-Drive Image 5.1NSIS) (Version: 5.1.5101 - R-Tools Technology Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Skype Meetings App (HKLM-x32\...\{97B72E44-5225-4838-80EC-055749300845}) (Version: 16.2.0.69 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Streaming Video Recorder V4.8.8 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.8.8 - APOWERSOFT LIMITED)
SUPER © v2018.Build.72+3D+Recorder version released on (2018/ (HKLM-x32\...\{FF4FC605-F906-405E-B62B-1FC3A236C052}_is1) (Version: released on (2018/01/13), - eRightSoft)
SUPER © +Recorder.2013.55 (Mar 7, 2013) version +Recorder.2013. (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: +Recorder.2013.55 - eRightSoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TalkSwitch 7.11 (HKLM-x32\...\{bc0e0bcf-d26e-46a9-8917-2d5013f83e7a}) (Version: 7.11.006.001 - Talkswitch)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Helios)
Tftpd32 Standalone Edition (remove only) (HKLM-x32\...\Tftpd32) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
USBInstaller 1.0 (HKLM-x32\...\USBInstaller_1.0) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinImage (HKLM\...\WinImage) (Version:  - )
WinImage (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\WinImage) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinSCP 5.1.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1.1 - Martin Prikryl)
Wireshark 1.4.6 (HKLM-x32\...\Wireshark) (Version: 1.4.6 - The Wireshark developer community, hxxp://www.wireshark.org)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Citrix\GoToMeeting\4376\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2014-01-08] (Romain Petges)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2014-01-08] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05E07D1D-1B4A-47F3-94E6-02A0E240DD41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0AA7A727-79F6-403C-AFD1-4BB0CA6CB627} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d257f0cfb5a2d1 => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0C9CAC21-B824-493A-BCAC-0B43C0AAFBBF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0CF47091-A41F-42F2-98D3-6147EA36D5DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1643A1BE-CF19-4044-8D80-E3157932C9F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {1A5956B7-2798-489E-ACEC-BD75A05D23AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1EED0F88-7B5F-48DF-9D2F-17F7991B542B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1FC3286A-79BE-46B2-BD18-1BC325B539EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {204D67B9-C47C-4109-88BE-1AE6D44A7C3A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {264A3827-6EAB-4151-B47B-B6D31A80E5A4} - System32\Tasks\jblr1QhIHqJY => jblr1qhihqjy.exe <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29A6D2EE-0EFA-42C6-89F0-5FFE5C49ECFC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000 => C:\Users\netdisk\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-09] (LogMeIn, Inc.)
Task: {2B8CF09D-BBCC-4A06-AB68-18766F4E82AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2E0CAD06-3C25-4299-BD99-7E96ABD7DF39} - \Default2Check -> No File <==== ATTENTION
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33F2EF5A-62C0-4A1F-8114-F49DB608D0E6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3E6D2914-98BD-4D4F-9EFB-B6D2BDF7C6AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d257f0cfc88f2b => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {50882AD3-FBFC-490B-B0DB-3829CD711BA8} - \DefaultCheck -> No File <==== ATTENTION
Task: {57E04A39-15E3-49ED-9C23-E9A6215C00F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {592B121B-283F-49A8-8890-EED2850CF99D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {656669D4-2F32-4B36-BCB1-22C6C18CBFDC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d23719ee0c21a2 => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {6AECFEB8-0EF4-45DB-A03B-AD6348302FBB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2445136535-42582293-1619217398-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F2F0EAC-B626-49CE-AF09-AC018F8C1AA4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {764E3369-B0B9-48A0-8393-53E344819D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {78F7E53C-3E41-4EF1-8735-63B616589779} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7A7AB0AC-0A02-455E-9B5E-265EB9005F12} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8138BC78-D970-4C68-AF32-A7E5FBC1780D} - System32\Tasks\{DB9BF06D-F465-4161-A169-B83FE751FE3F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.85.102/en/go/help.faq.installer?LastError=1618
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87A415D9-939F-4301-94E0-4F5FFACEA7B3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2445136535-42582293-1619217398-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {881D6E10-C240-4B6A-A1D8-3FF5574CBB94} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {8B09DB78-9DF3-421E-9FCD-4C40D418F834} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {98CF7226-1D02-42E5-83B1-F30834CDCC92} - System32\Tasks\HPCeeScheduleFornetdisk => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {98DE7B0D-84BE-40D3-A4FE-3FE74018C23A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DD3B602-1179-4D46-AF2F-B2F331A8E309} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A0BD75FC-793B-4FC5-982E-D0EB7FE77B9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFC1842D-E476-4940-8D98-36C8DD28A9C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B191BF9B-506A-4E91-9769-F3508E2372A9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB8F0ED2-34DE-4B88-B937-574586052774} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BEAF8068-3E20-476A-BC8D-46883803FB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C01E04FA-43A3-48C2-A799-1FB5BEB27A60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d23719edf6773c => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {C40202E4-A449-4B08-A50F-FFF6AA3CBED9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5E83986-FC3F-42CA-B271-E76CCC7DC674} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D1EEA019-1A57-437D-BF19-8F900715E250} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D29099F4-DB3E-4E98-B826-709490A080A3} - System32\Tasks\HP WEP => C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe [2007-04-25] ()
Task: {D56C1DE8-889F-41F2-A8B6-D83FC71F3D48} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-17] (Microsoft Corporation)
Task: {DD48C4CB-B213-4219-903A-E0A510489496} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E162D131-AF61-455E-8053-1683C9394126} - System32\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000 => C:\Users\netdisk\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-09] (LogMeIn, Inc.)
Task: {E625366B-DAE4-451E-A134-8F183D67F169} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD50FCF1-5F05-4A6E-BE66-988024E47332} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d23719edf6773c.job => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d23719ee0c21a2.job => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000.job => C:\Users\netdisk\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000.job => C:\Users\netdisk\AppData\Local\GoToMeeting\8473\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core.job => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA.job => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exeWIN10TEST\visitor$Task for execution of hpbdfawep.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFornetdisk.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-24 02:14 - 2016-11-14 04:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-01 14:44 - 2012-06-01 14:44 - 000188416 _____ () C:\Program Files (x86)\Talkswitch\UDPLogger\UDPLogger.exe
2018-02-14 19:12 - 2018-02-09 21:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 19:12 - 2018-02-09 21:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 13:34 - 2018-03-15 04:50 - 000746312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-16 13:34 - 2018-03-15 04:50 - 002079048 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-01-24 13:14 - 2018-03-15 04:50 - 000100312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-01-24 13:13 - 2018-03-15 04:50 - 000018896 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\select.pyd
2018-01-24 13:13 - 2018-03-15 04:53 - 000020808 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000035808 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-01-24 13:13 - 2018-03-15 04:50 - 000694232 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000130520 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 001856864 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000022880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000145880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000116696 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-01-24 13:13 - 2018-03-15 04:50 - 000105944 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000022872 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000063312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000024536 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000077120 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000020952 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000124888 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000114136 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000392664 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-01-24 13:13 - 2018-03-15 04:53 - 000392520 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000026464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000043480 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-01-24 13:13 - 2018-03-15 04:50 - 000024024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000175576 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000030168 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000026072 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000048600 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000057816 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000021840 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000023376 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000022864 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000066400 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 001798464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-01-24 13:13 - 2018-03-15 04:50 - 000084944 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 001959232 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 003863880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000155472 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000521544 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000051024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000043336 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000131400 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000219984 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000204104 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000025440 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000060888 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000054616 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000024024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000022880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000087904 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000028632 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000022368 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000022368 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000027496 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 13:14 - 2018-03-15 04:50 - 000349144 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000101704 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2018-01-24 13:14 - 2018-03-15 04:53 - 000023904 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000025432 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000036312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\librsync.dll
2018-03-16 13:34 - 2018-03-15 04:52 - 000032608 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2018-03-16 13:34 - 2018-03-15 04:50 - 000293392 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2018-01-24 13:14 - 2018-03-15 04:53 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000181064 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-01-24 13:14 - 2018-03-15 04:53 - 000030544 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000024384 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-16 13:34 - 2018-03-15 04:52 - 001638208 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-01-24 13:14 - 2018-03-15 04:53 - 000026464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000546632 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000359744 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-16 13:34 - 2018-03-15 04:52 - 000038216 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2009-02-26 13:46 - 2009-02-26 13:46 - 000064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 000434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2018-02-23 13:20 - 2018-03-02 11:02 - 000164528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 000136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-12-17 11:16 - 000001033 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 update.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2445136535-42582293-1619217398-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\netdisk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp1.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA368080-67D7-477F-AAA9-2BF5AB3D5094}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{FE8D9164-0C57-41AC-A0CF-85CFEEC511B4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{EBE7B0C1-D0D0-4CD6-BA2B-6CF27710F657}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{912C837C-ED5C-4DDB-8389-F13D8FE3127B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{83B0F4AD-FE09-432E-A133-B356D415121E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{22D38E6B-729A-4032-ABF7-826D200E9C76}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6576708F-8709-4360-8053-60EB3E8047D0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{CB126FBF-6A2E-4BC9-B846-7E87C20BAB7C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{3AE89656-EBFE-4D24-970F-83620B7B66B3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{C5BA4F1F-2601-411B-B586-2034F65ABBA0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{2625CE63-C463-447E-A8CE-2DD49483605D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{3A4E53AD-5217-45FC-97F6-55AEF202BFA9}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{A3FFDBF7-6D41-46BE-844F-F9BC2DF5C944}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{E5992308-4CBA-4EA3-90EA-1B1C33FC3DE8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A9D9292E-A2BB-406B-B809-70D50F61B3AC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{029A5063-3DED-4793-93E2-974B74D1A676}] => (Allow) LPort=2869
FirewallRules: [{3850A6DE-E568-4121-9B8F-95FB028319FB}] => (Allow) LPort=1900
FirewallRules: [{E37B6E5A-C074-4246-9707-57C93A4CCAA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{553D9413-EA3E-4AA1-A034-90702B868B1F}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe
FirewallRules: [UDP Query User{29F4CE1C-0473-4A45-B6D7-59D7D73DBFCA}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe
FirewallRules: [TCP Query User{10E2C4ED-F684-4371-8C3A-8B4FDA0CE6BE}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{8FB5DE5F-E1E9-48F3-B39A-A4954A0FE4A6}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{6340EC22-2251-4EFC-9273-F769BC999B5E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{CDC1456A-53B6-4286-9F41-7FE0FC789C3C}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{4EBA76CD-D924-4E1A-9E6B-FAE08AEFDB46}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{3367EB99-1AE3-42B6-B499-E3175F694618}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{291B9F39-E1DC-4747-96A7-F9F649AC389F}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{73E55073-1004-464A-9585-D6B0601140C0}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{C4C703FF-F930-4A74-890C-D23D79172E91}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{9EFA11A1-C9F8-4B8D-9EBE-40BBFDA737ED}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{0A2451AC-0710-4FBC-96C3-6B5E4061497D}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{7D5662E2-7B73-4D59-8485-1A0FA26E79A7}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [TCP Query User{54D71D64-5508-48A2-B2C5-B88551AFF8C3}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{93A04398-34DF-4FF3-90A1-154CAFD59756}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{B60396A6-3637-41B9-8882-7D77C350AC17}C:\program files (x86)\iperf\iperf.exe] => (Allow) C:\program files (x86)\iperf\iperf.exe
FirewallRules: [UDP Query User{84249A13-348C-4511-953C-629F15ECC1E8}C:\program files (x86)\iperf\iperf.exe] => (Allow) C:\program files (x86)\iperf\iperf.exe
FirewallRules: [{D2C62451-4BDD-4665-9730-BBABF08A5487}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA4E126D-072B-4379-8110-0A3433764453}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8FABDD46-8A80-42A9-BB29-C7AEC1EAE9CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3076AD06-6AF1-41A5-BDAF-E3E58E438CDD}] => (Allow) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BEEA36AA-9B3E-4183-AE3E-17E557768636}] => (Allow) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{13E1DD12-C109-4235-A3AE-30F821279F15}C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6A44B1F8-F333-47EE-8197-72B7D8151281}C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AB6340D4-EDFE-4826-B474-53AF6449C8D7}] => (Allow) C:\Users\netdisk\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E646A1C4-D57B-4E4F-88E5-192D4F13A504}] => (Allow) C:\Users\netdisk\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{852E0C8F-299B-4582-91DF-5D2EE4CCC6A5}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{C6A56931-58C8-48D6-9817-55D118D2CB95}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{E24677C2-51D8-48DC-8254-40103BA7DDC0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D16E9563-F7C3-40B0-9A6B-B56DA2B52C2B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{297040F5-93AA-4468-A378-BC26419F430E}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{D1C4608D-28C1-41DF-B589-5AC7FA476957}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{B5ADD53D-F97B-4792-A2BE-26EEB5A73B66}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3C951FB5-6F28-439F-8B8A-019F44D47445}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{B39568AB-23EE-4DB8-BF10-6EE845BD18C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{01318FBB-9EB0-4927-ACD9-8E750F8FAF18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{358F838A-FCF1-4950-981C-DADFEF7953C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{FD11B76C-4953-4229-A210-8DAF185D86A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF499C42-F794-42C0-B50B-15CD44A8B42C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DC9702E1-DD4F-4216-9946-7E8AB3BDBF82}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B0116B28-CC2F-46D3-A0E9-EFFF8D46ACB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AF74B743-7191-474C-9214-D59A029E0E30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CCC2F5EC-DA66-4746-9330-72548A12583F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BF76043C-4783-4063-9E2F-C8DB6CD1D9AC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BDF1DC14-9103-4DDD-9C7D-DC7F4B259CE2}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6092E1A-169D-4573-96F2-305EC1FA3B0E}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D0DBDD05-4B67-4839-B0AF-9B600058404A}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{3A076132-9836-4183-9928-8F1BAAEE39F7}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{4ED522E9-6F28-4FB0-9450-3CA34CC353AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FCA75B8B-BFAD-45DF-B635-F5F306A0618B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{75DF456D-D551-4B92-B13E-D6FD5CC1F5AD}C:\users\netdisk\downloads\winbox.exe] => (Allow) C:\users\netdisk\downloads\winbox.exe
FirewallRules: [UDP Query User{07F3057C-C110-4521-9117-85E9938ED18D}C:\users\netdisk\downloads\winbox.exe] => (Allow) C:\users\netdisk\downloads\winbox.exe
FirewallRules: [TCP Query User{579A0C57-A4F6-498C-AA8C-214CE903FE82}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [UDP Query User{D7E0C752-90A0-4900-8595-E1EE428EDFD8}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [TCP Query User{65995C51-B558-498D-BAB5-CA7CD7D1569A}C:\program files (x86)\intermapper\intermapper.exe] => (Allow) C:\program files (x86)\intermapper\intermapper.exe
FirewallRules: [UDP Query User{3447B81C-E499-450B-9226-CD8E4F34D021}C:\program files (x86)\intermapper\intermapper.exe] => (Allow) C:\program files (x86)\intermapper\intermapper.exe
FirewallRules: [{4AD1FA1E-3688-42E1-A281-D4D62C2F92AD}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{334EBA92-8161-4FEB-B9D6-384ACABB2704}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FC12BD0-6D1A-4410-A800-EF70A17C7A97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{18095FCD-2965-41A8-9D9D-EB63982BA3DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{550286B0-0D89-4AEE-8AAA-33E5E5DBBF8D}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [UDP Query User{698065C7-AED6-4BAE-AAD4-8B05348300A2}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [{1981F5B2-80C7-432C-8713-1715D1B7B96E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26CA206F-5191-4A77-9DA3-359148357ACE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9B662ECF-26A8-403E-9A95-FC9E685E3447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{64C6F69E-446D-4719-9E1F-114E05FD2952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{8375DCA4-8BFD-448B-BDFE-5C618D6DB405}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2A202E2-BF6D-4F04-88D6-B0D1AC44B3BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F69E845B-0CA9-48ED-B1D3-AE0AF15D8A13}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{DC7291E1-4365-4BCF-8D59-673CC8AB73EF}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{026D43D2-D443-4234-BAC4-16B5DAB3DD23}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{B2630212-1933-4E12-BE75-F81A8C98144F}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{30B01A47-BEC2-4F02-990C-D9CA3CF2348D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{72B3AA47-538E-4387-BAB5-303549E355C0}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{79B67C10-CC73-4635-9098-8546EE0496C7}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{79984AAE-0322-4768-A756-B531D70B96DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{C0469682-3AA3-42D9-9100-9E86DA641B36}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{091B0542-3277-498B-BE5E-817F56D9BCA6}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{CB645352-6051-4DD6-B098-A9D85E450199}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{5D0FA631-48C2-4450-A60F-21487B70250A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{0CC6346A-BDF6-41EE-911C-F585A508A0F9}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [{307F8E90-D5B8-481D-8BE4-44B830EE9FF3}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [TCP Query User{EA806738-24E3-4BCD-931C-C03F4C2C8DB0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CB76023C-0243-42C0-811B-F709BE6962BC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F88D44A-2D78-49B8-B0F5-3FF4155AAF36}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{D22DA6FE-D172-4E54-87CC-7A7E37BE830D}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{22B888B8-DC4B-4A59-B1DE-ECCC0C32D130}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{6294759B-FAF5-4882-A49C-537AD331506B}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{B0C68E1D-DC90-43AA-B2CD-3055067A8A3A}] => (Allow) C:\Users\netdisk\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{50689D62-B015-44E5-BF3C-F475DC7AC75A}] => (Allow) C:\Users\netdisk\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{B6DB8221-88D6-451E-BB73-E33AFA2F8B7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{4323612D-475D-4554-93C0-1A50E3D3D888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{48266613-E62B-48FF-B9B6-E8657633D8A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02E82C3E-087E-4A7B-A8FD-A1D8D9E6BAA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28379A10-3340-4FA7-9FA2-C7B103A8AB28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{98CD61E2-0FC9-477D-BDDB-8531AE8CC41B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{75A99DA4-36E7-4360-9B3B-19F72981D3A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB5D5E11-6792-44D8-A148-DDAE89BB3E3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{115040A4-FE89-475A-ABAA-15115EE9EE6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{600225BF-E21F-45E4-BD0D-500B389ABDC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9AB48AB-8D31-44E3-8D98-DB1C1C550AE2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A306180-1AA8-4662-9B30-6814DC1BAF43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D92CA14F-62FD-40C9-BA85-0025CCBD1D60}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8B7F4452-F302-4321-BB0A-DD5B01130450}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-03-2018 15:07:13 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2018 02:41:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1910

Start Time: 01d3c2ef9f02e25a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 5ea96b10-7f7a-4821-8281-62e1aa91f4b5

Faulting package full name:

Faulting package-relative application ID:

Error: (03/23/2018 01:20:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\netdisk\Downloads\wimaia85.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/23/2018 12:47:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\netdisk\Downloads\wimaia85.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/23/2018 11:02:57 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000000000000260,0x00560034,0000024E47F0D4C0,0,0000024E47F0C150,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (03/22/2018 03:44:24 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/22/2018 03:44:24 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {A8EEAE10-E5D6-443A-94A6-99BF0FE57FD8}

Error: (03/22/2018 02:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.248, time stamp: 0x5a7e76b1
Faulting module name: EdgeContent.dll, version: 11.0.16299.248, time stamp: 0x8fcf5afb
Exception code: 0xc0000409
Fault offset: 0x00000000000822a9
Faulting process id: 0xb94
Faulting application start time: 0x01d3bfcab99e5eb0
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EdgeContent.dll
Report Id: 7fb7d524-c852-4405-a0ba-35d9b5a9090d
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (03/21/2018 03:44:30 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/23/2018 03:13:59 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (03/23/2018 03:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/23/2018 03:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/23/2018 03:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/23/2018 03:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/23/2018 03:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/23/2018 03:08:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-03 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4088776).

Error: (03/23/2018 03:05:12 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.


Windows Defender:
===================================
Date: 2018-03-23 11:22:34.267
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {06FF5EBB-1959-49FD-B386-824BD63313E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-09 10:16:42.488
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ABE279F6-D414-4C95-BACD-30EC7899669E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-02 15:11:18.949
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0286ACBC-5BF6-4FEC-88FF-6D16424037F4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-02 13:48:40.679
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5092F7D5-0AA3-4471-86E5-B940D885D166}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-02 12:50:14.317
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {75E11B4E-3ED2-4C28-A64D-7F7B56089769}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-23 14:37:20.079
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-23 13:33:04.600
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1014.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2018-03-23 13:22:54.709
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-03-23 13:03:01.135
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1014.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2018-03-23 12:52:53.741
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-03-23 15:08:23.220
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:08:23.217
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:08:12.979
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:08:12.973
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:08:08.039
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:08:08.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:07:31.986
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-23 15:07:31.983
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 62%
Total physical RAM: 6103.07 MB
Available physical RAM: 2280.93 MB
Total Virtual: 14295.07 MB
Available Virtual: 9606.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.92 GB) (Free:102.67 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a6bde143-5bcd-11e0-879a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{e9189d1d-0000-0000-0000-5081e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9189D1D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 23 March 2018 - 07:56 PM

Hi thefamousmred :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
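The two bcdedit commands in the fix above turn the boot menu and the Windows Recovery Environment back on. As an added example (not part of the post and not FRST code), the following parses `bcdedit /enum` text output and reports whether both settings are in the state the fix sets; the function names and the sample output are constructed for illustration, and English-language output (`Yes`/`No`) is assumed.

```python
import re

# Constructed `bcdedit /enum` output for illustration; not taken from the thread.
SAMPLE_BEFORE = r"""Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
default                 {current}
displayorder            {current}
                        {11111111-2222-3333-4444-555555555555}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
recoveryenabled         No

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
description             Constructed second entry
recoveryenabled         Yes
"""

# The same store after the two commands from the fixlist have been applied.
SAMPLE_AFTER = re.sub(r"(recoveryenabled\s+)No", r"\1Yes", SAMPLE_BEFORE).replace(
    "timeout ", "displaybootmenu         Yes\ntimeout ")


def parse_bcd(text):
    """Return {identifier: {element: value}} for each entry in bcdedit output."""
    entries = {}
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        elements, last_key, seen_rule = {}, None, False
        for line in block.splitlines():
            stripped = line.strip()
            if not stripped:
                continue
            if set(stripped) == {"-"}:      # the dashed rule under the entry title
                seen_rule = True
                continue
            if not seen_rule:               # entry title, e.g. "Windows Boot Loader"
                continue
            if line[0].isspace():           # continuation of a multi-value element
                if last_key:
                    elements[last_key] += " " + stripped
                continue
            match = re.match(r"(\S+)\s+(.+)$", line)
            if match:
                last_key = match.group(1)
                elements[last_key] = match.group(2).strip()
        if "identifier" in elements:
            entries[elements["identifier"]] = elements
    return entries


def check_recovery_settings(text):
    """List deviations from the state the fix sets; an empty list means both are on."""
    entries = parse_bcd(text)
    bootmgr = entries.get("{bootmgr}")
    if bootmgr is None:
        return ["no {bootmgr} entry found in output"]
    findings = []
    if bootmgr.get("displaybootmenu", "").lower() != "yes":
        findings.append("{bootmgr}: displaybootmenu is not Yes")
    # bcdedit lists the default loader under an alias such as {current} or
    # {default}; the boot manager's `default` element says which entry it is.
    default_id = bootmgr.get("default")
    loader = entries.get(default_id) if default_id else None
    if loader is None:
        findings.append("default boot entry not found")
    elif loader.get("recoveryenabled", "").lower() != "yes":
        findings.append(f"{default_id}: recoveryenabled is not Yes")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_recovery_settings(sample) or "OK")
```

To use it on a real system, save the output of `bcdedit /enum` from an elevated prompt to a text file and pass its contents to `check_recovery_settings`.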


#3 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 26 March 2018 - 12:21 AM

Thanks very much for your reply Aura.  I will run these commands in the morning and post the output. I only have access to this computer a couple of days a week, so thanks for your patience!

 

Michael



#4 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 26 March 2018 - 12:05 PM

Here is the output from those commands:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by netdisk (26-03-2018 10:04:24) Run:4
Running from C:\Users\netdisk\Downloads
Loaded Profiles: netdisk (Available Profiles: netdisk & Daniel & visitor & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
The operation completed successfully.
========= End of CMD: =========

========= bcdedit.exe /set {default} recoveryenabled yes =========
The operation completed successfully.
========= End of CMD: =========

==== End of Fixlog 10:04:24 ====


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 26 March 2018 - 02:36 PM

For the next part, you'll need to download the FRST executable on a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply



#6 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 26 March 2018 - 05:02 PM

Here is the FRST.TXT file from recovery mode.

Attached Files

  • Attached File  FRST.txt   23.14KB   14 downloads


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 27 March 2018 - 09:29 AM

Good! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#8 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 29 March 2018 - 02:51 AM

I will try this in the morning and post the results, thanks!



#9 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 29 March 2018 - 11:23 PM

That worked great, thanks a lot!  I had to reinstall Malware Bytes, but then it did not report anything after the scan. The disk activity seems normal now and Edge does not get the citypages redirect. 



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 30 March 2018 - 12:27 PM

Awesome :) Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#11 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 03 April 2018 - 03:25 PM

Here are the logs.  I kept a few things that I recognized in RogueKiller.  Let me know if I should go back and delete those.
 
# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 20:20:55 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-04-03.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [30154 B] - [2018/3/19 20:35:4]
C:/AdwCleaner/AdwCleaner[C1].txt - [5058 B] - [2018/3/19 20:46:48]
C:/AdwCleaner/AdwCleaner[S0].txt - [33083 B] - [2018/3/19 20:34:17]
C:/AdwCleaner/AdwCleaner[S1].txt - [5389 B] - [2018/3/19 20:46:21]
C:/AdwCleaner/AdwCleaner[S2].txt - [1218 B] - [2018/3/23 21:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

 

RogueKiller V12.12.11.0 (x64) [Apr  3 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : netdisk [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/03/2018 10:37:10 (Duration : 01:28:42)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Babylon -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6340EC22-2251-4EFC-9273-F769BC999B5E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\UltraVNC\vncviewer.exe|Name=vncviewer.exe| [x] -> Not selected
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CDC1456A-53B6-4286-9F41-7FE0FC789C3C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\UltraVNC\vncviewer.exe|Name=vncviewer.exe| [x] -> Not selected
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4EBA76CD-D924-4E1A-9E6B-FAE08AEFDB46} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\UltraVNC\winvnc.exe|Name=UltraVNC Server| [x] -> Not selected
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3367EB99-1AE3-42B6-B499-E3175F694618} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\UltraVNC\winvnc.exe|Name=UltraVNC Server| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{297040F5-93AA-4468-A378-BC26419F430E}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{D1C4608D-28C1-41DF-B589-5AC7FA476957}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Deleted
¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{DB9BF06D-F465-4161-A169-B83FE751FE3F} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.4.85.102/en/go/help.faq.installer?LastError=1618) -> Deleted
¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\netdisk\AppData\Roaming\AGData -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\netdisk\AppData\Roaming\AGData\bin\AGLoader.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\netdisk\AppData\Roaming\AGData\bin -> Deleted
[PUP.Gen1][Folder] C:\Users\netdisk\AppData\Roaming\Babylon -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Roaming\Babylon\log_file.txt -> Deleted
[PUP.Gen1][Folder] C:\Users\netdisk\AppData\Local\Babylon -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\bab033.tbinst.dat -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\bab091.norecovericon.dat -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\Babylon.dat -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\BExternal.dll -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\common.js -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\eula.html -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page1.css -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page1.html -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page1.js -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page2.css -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page2.html -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page2.js -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\page9.html -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\title1.png -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\title2.png -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png -> Deleted
[PUP.Gen1][Folder] C:\Users\netdisk\AppData\Local\Babylon\Setup\HtmlScreens -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\IECookieLow.dll -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\SetupStrings.dat -> Deleted
[PUP.Gen1][File] C:\Users\netdisk\AppData\Local\Babylon\Setup\sqlite3.dll -> Deleted
[PUP.Gen1][Folder] C:\Users\netdisk\AppData\Local\Babylon\Setup -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> ERROR [3]
[PUP.HackTool][Folder] C:\Program Files\UltraVNC -> Not selected
[PUP.HackTool][File] C:\Users\netdisk\Downloads\AA_v3.exe -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 1 Volume +++++
--- User ---
[MBR] dc7ad5d8dee5785b32574a6cd6619e10
[BSP] e8f43341285e8c6e250387bee0f608d1 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 939952 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1925228544 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1926150144 | Size: 13363 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 PM

Posted 04 April 2018 - 07:06 AM

That's fine :) Now run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.



#13 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 06 April 2018 - 01:51 PM

Here are the latest scan results, let me know what you think.

 

Thanks!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by netdisk (administrator) on WIN10TEST (06-04-2018 10:48:00)
Running from C:\Users\netdisk\Downloads
Loaded Profiles: netdisk & visitor (Available Profiles: netdisk & Daniel & visitor & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Igor Pavlov) C:\Program Files\7-Zip\7zFM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [hpbdfawep] => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\GoToAssist Remote Support Customer\1575\g2ax_winlogonx64.dll [X]
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Run: [Dropbox Update] => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Run: [Google Update] => C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Policies\system: [EnableLUA] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2445136535-42582293-1619217398-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1717725a-f6ec-4ee0-b65e-8f9889af2bb5}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2445136535-42582293-1619217398-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-31] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\netdisk\AppData\Roaming\TomTom\HOME\Profiles\779d1o9j.default [2011-12-06]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default [2018-04-03]
FF Homepage: Mozilla\Firefox\Profiles\s53l1cxy.default -> hxxp://www.google.com/
FF Extension: (Adblock Plus) - C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\netdisk\AppData\Roaming\Mozilla\Firefox\Profiles\s53l1cxy.default\features\{07b49309-4f38-4728-abba-da1da6cbfa8d}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\netdisk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @talk.google.com/O1DPlugin -> C:\Users\netdisk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @tools.google.com/Google Update;version=3 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: @tools.google.com/Google Update;version=9 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\netdisk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.69\npGatewayNpapi.dll [2016-07-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2445136535-42582293-1619217398-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\netdisk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.69\npGatewayNpapi-x64.dll [2016-07-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-10-03] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\netdisk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default [2018-04-03]
CHR Extension: (Adblock Plus) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\netdisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1575\g2ax_service.exe [614368 2017-12-13] (LogMeIn, Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-02] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
S3 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 UDPLogger; C:\Program Files (x86)\Talkswitch\UDPLogger\UDPLogger.exe [188416 2012-06-01] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DrvSnSht; C:\Program Files (x86)\Drive Image\DrvSnSht64.sys [132432 2010-05-31] (R-TT Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-03] (Malwarebytes)
R1 MpKsl001a7f6f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A47FF148-F93B-4C1E-8EBC-86493B87085B}\MpKsl001a7f6f.sys [58120 2018-04-05] (Microsoft Corporation)
S3 mv2; C:\WINDOWS\System32\DRIVERS\mv2.sys [12904 2011-04-29] (UVNC BVBA)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 R-ImageDisk; C:\Program Files (x86)\Drive Image\R-ImageDisk64.sys [181840 2013-01-15] (R-TT Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S4 vdfcgq; C:\WINDOWS\System32\drivers\uqjwepm.sys [79064 2018-03-02] (Malwarebytes Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-19] (Zemana Ltd.)
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-03 17:06 - 2018-04-06 08:27 - 000002980 _____ C:\WINDOWS\System32\Tasks\HP WEP
2018-04-03 17:06 - 2018-04-06 08:27 - 000000352 _____ C:\WINDOWS\Tasks\HP WEP.job
2018-04-03 16:58 - 2018-04-03 16:58 - 000000000 ____D C:\Users\visitor\AppData\Local\CrashDumps
2018-04-03 14:48 - 2018-04-03 14:48 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-03 13:59 - 2018-04-03 13:59 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\WinRAR
2018-04-03 13:55 - 2018-04-03 13:55 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-03 13:55 - 2018-04-03 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-03 13:55 - 2018-04-03 13:55 - 000000000 ____D C:\Program Files\WinRAR
2018-04-03 13:50 - 2018-04-03 15:13 - 000000000 ____D C:\Users\netdisk\AppData\Local\CrashDumps
2018-04-03 10:37 - 2018-04-03 10:37 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-04-03 10:29 - 2018-04-03 10:31 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-03 10:29 - 2018-04-03 10:29 - 000000936 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-03 10:29 - 2018-04-03 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-03 10:29 - 2018-04-03 10:29 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-03 10:28 - 2018-04-03 10:28 - 036501736 _____ (Adlice Software ) C:\Users\netdisk\Downloads\roguekiller_setup.exe
2018-03-29 13:34 - 2018-03-29 13:34 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-29 10:57 - 2018-03-29 10:57 - 000001949 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-29 10:57 - 2018-03-29 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-29 10:57 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-26 15:05 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-26 15:05 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-26 15:04 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-26 15:04 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-26 15:04 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-26 15:04 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-26 15:04 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-26 15:04 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-26 15:04 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-26 15:04 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-26 15:04 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-26 15:04 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-26 15:04 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-26 15:04 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-26 15:04 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-26 15:04 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-26 15:04 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-26 15:04 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-26 15:04 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-26 15:04 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-26 15:04 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-26 15:04 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-26 15:04 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-26 15:04 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-26 15:04 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-26 15:04 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-26 15:04 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-26 15:04 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-26 15:04 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-26 15:04 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-26 15:04 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-26 15:04 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-26 15:04 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-26 15:04 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-26 15:04 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-26 15:04 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-26 15:04 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-26 15:04 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-26 15:04 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-26 15:04 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-26 15:04 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-26 15:04 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-26 15:04 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-26 15:04 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-26 15:04 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-26 15:04 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-26 15:04 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-26 15:04 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-26 15:04 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-26 15:04 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-26 15:04 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-26 15:04 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-26 15:04 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-26 15:04 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-26 15:04 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-26 15:04 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-26 15:04 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-26 15:04 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-26 15:04 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-26 15:04 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-26 15:04 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-26 15:04 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-26 15:04 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-26 15:04 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-26 15:04 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-26 15:04 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-26 15:04 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-26 15:04 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-26 15:04 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-26 15:04 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-26 15:04 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-26 15:04 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-26 15:04 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-26 15:04 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-26 15:04 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-26 15:04 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-26 15:04 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-26 15:04 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-26 15:04 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-26 15:04 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-26 15:04 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-26 15:04 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-26 15:04 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-26 15:04 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-26 15:04 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-26 15:04 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-26 15:04 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-26 15:04 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-26 15:04 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-26 15:04 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-26 15:04 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-26 15:04 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-26 15:04 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-26 15:04 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-26 15:04 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-26 15:04 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-26 15:04 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-26 15:04 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-26 15:04 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-26 15:04 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-26 15:04 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-26 15:04 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-26 15:04 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-26 15:04 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-26 15:04 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-26 15:04 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-26 15:04 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-26 15:04 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-26 15:04 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-26 15:04 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-26 15:04 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-26 15:04 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-26 15:04 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-26 15:04 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-26 15:04 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-26 15:04 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-26 15:04 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-26 15:04 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-26 15:04 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-26 15:04 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-26 15:04 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-26 15:04 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-26 15:04 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-26 15:04 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-26 15:04 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-26 15:04 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-26 15:04 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-26 15:04 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-26 15:04 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-26 15:04 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-26 15:04 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-26 15:04 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-26 15:04 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-26 15:04 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-26 15:04 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-26 15:04 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-26 15:04 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-26 15:04 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-26 15:04 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-26 15:04 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-26 15:04 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-26 15:04 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-26 15:04 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-26 15:04 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-26 15:04 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-26 15:04 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-26 15:04 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-26 15:04 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-26 15:04 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-26 15:04 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-26 15:04 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-26 15:04 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-26 15:04 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-26 15:04 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-26 15:04 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-26 15:04 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-26 15:04 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-26 15:04 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-26 15:04 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-26 15:04 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-26 15:04 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-26 15:04 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-26 15:04 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-26 15:04 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-26 15:04 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-26 15:04 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-26 15:04 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-26 15:04 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-26 15:04 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-26 15:04 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-26 15:04 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-26 15:04 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-26 15:04 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-26 15:04 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-26 15:04 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-23 15:12 - 2018-03-29 11:16 - 000098529 _____ C:\Users\netdisk\Downloads\Addition.txt
2018-03-23 15:10 - 2018-04-06 10:49 - 000027520 _____ C:\Users\netdisk\Downloads\FRST.txt
2018-03-23 14:54 - 2018-03-26 10:04 - 000000817 _____ C:\Users\netdisk\Downloads\Fixlog.txt
2018-03-23 14:53 - 2018-04-06 10:48 - 000000000 ____D C:\FRST
2018-03-23 14:52 - 2018-03-23 14:52 - 002403328 _____ (Farbar) C:\Users\netdisk\Downloads\FRST64.exe
2018-03-23 13:20 - 2018-03-29 11:10 - 000000000 ____D C:\Users\netdisk\Downloads\PCHunter_free
2018-03-23 13:17 - 2018-03-23 13:17 - 005908597 _____ C:\Users\netdisk\Downloads\PCHunter_free.zip
2018-03-23 12:48 - 2016-03-11 14:53 - 000380928 _____ C:\Users\netdisk\Downloads\gmer.exe
2018-03-23 12:42 - 2018-03-23 14:37 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-23 12:35 - 2018-03-23 12:35 - 000000000 ____D C:\WINDOWS\pss
2018-03-23 12:10 - 2018-03-23 12:10 - 005908597 _____ C:\Users\netdisk\Downloads\xPCHunter_free.zip
2018-03-23 11:54 - 2018-03-26 12:05 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-23 11:35 - 2016-03-11 14:53 - 000380928 _____ C:\Users\netdisk\Downloads\xxgmr.exe
2018-03-23 11:34 - 2018-03-23 11:34 - 000371282 _____ C:\Users\netdisk\Downloads\gmer.zip
2018-03-23 11:21 - 2018-03-23 11:22 - 071191456 _____ (Malwarebytes ) C:\Users\netdisk\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4446.exe
2018-03-23 10:08 - 2018-03-26 15:52 - 000000000 ____D C:\Users\netdisk\AppData\Local\wmcagent
2018-03-19 14:00 - 2018-03-19 14:00 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3415F343.sys
2018-03-19 13:59 - 2018-03-19 14:37 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-19 13:59 - 2018-03-19 13:59 - 014178840 _____ (Malwarebytes Corp.) C:\Users\netdisk\Downloads\mbar-1.10.3.1001.exe
2018-03-19 13:30 - 2018-04-03 13:20 - 000000000 ____D C:\AdwCleaner
2018-03-19 13:26 - 2018-03-19 13:26 - 008222496 _____ (Malwarebytes) C:\Users\netdisk\Downloads\adwcleaner_7.0.8.0.exe
2018-03-19 13:18 - 2018-04-06 10:49 - 000657300 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-19 13:18 - 2018-03-19 13:36 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-19 13:18 - 2018-03-19 13:25 - 000010362 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-19 13:18 - 2018-03-19 13:18 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-03-19 13:18 - 2018-03-19 13:18 - 000000000 ____D C:\Users\netdisk\AppData\Local\Zemana
2018-03-19 13:17 - 2018-03-19 13:17 - 006625600 _____ (Zemana Ltd. ) C:\Users\netdisk\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-19 12:22 - 2018-03-19 12:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-16 16:34 - 2018-03-29 16:25 - 000002412 _____ C:\Users\visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-16 12:23 - 2018-03-16 12:29 - 257291909 _____ C:\Users\netdisk\Downloads\bc_backup.zip
2018-03-13 16:34 - 2018-03-13 16:34 - 006210560 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-03-12 15:52 - 2018-03-12 15:52 - 000000000 ____D C:\Users\netdisk\Downloads\bc_backup
2018-03-12 12:34 - 2018-03-12 12:34 - 000000000 ___HD C:\$Windows.~WS
2018-03-12 12:34 - 2018-03-12 12:34 - 000000000 ____D C:\$WINDOWS.~BT
2018-03-09 15:07 - 2018-03-09 15:07 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2018-03-09 15:07 - 2018-03-09 15:07 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2018-03-09 12:04 - 2018-03-09 12:04 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-03-09 11:55 - 2018-03-10 19:49 - 000000000 ____D C:\Users\netdisk\AppData\Local\pwnzghb
2018-03-09 10:52 - 2018-03-09 10:52 - 000000000 ____H C:\Users\netdisk\AppData\Local\BITF98D.tmp
2018-03-09 10:51 - 2018-03-09 10:52 - 000000000 _____ C:\Users\netdisk\AppData\Local\{016D8F07-B166-45E8-9C62-C58DE7D1752D}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-06 10:34 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-06 10:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-06 10:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-06 10:24 - 2011-11-18 14:52 - 000000000 ____D C:\Users\netdisk\Documents\Outlook
2018-04-06 10:03 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-06 09:52 - 2018-02-11 19:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-03 15:06 - 2011-08-29 10:28 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\uTorrent
2018-04-03 14:54 - 2018-02-11 19:12 - 001164458 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-03 14:48 - 2018-02-11 19:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-03 14:48 - 2018-02-11 19:18 - 000000000 ____D C:\Users\netdisk
2018-04-03 14:48 - 2017-06-24 02:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-03 14:48 - 2016-01-25 10:32 - 000000662 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000.job
2018-04-03 14:48 - 2016-01-25 10:32 - 000000566 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000.job
2018-04-03 14:47 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 14:47 - 2011-04-04 11:53 - 000000000 ____D C:\Program Files\7-Zip
2018-04-03 14:19 - 2016-11-23 11:04 - 000000000 ____D C:\Users\netdisk\AppData\LocalLow\Mozilla
2018-04-03 12:09 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 12:07 - 2018-02-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-03 12:07 - 2011-11-18 14:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-03 09:53 - 2011-11-18 14:15 - 000000000 ___RD C:\Dropbox
2018-03-29 16:25 - 2018-02-11 19:54 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2445136535-42582293-1619217398-1029
2018-03-29 16:25 - 2017-08-14 16:45 - 000000000 ___RD C:\Users\visitor\OneDrive
2018-03-29 16:23 - 2018-02-12 17:35 - 000000000 ___RD C:\Users\visitor\3D Objects
2018-03-29 16:23 - 2016-07-27 09:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-29 13:35 - 2011-04-15 12:05 - 000000000 ____D C:\Users\netdisk\AppData\Roaming\Dropbox
2018-03-29 13:33 - 2015-06-15 20:53 - 000000000 ____D C:\Users\netdisk\AppData\Local\Dropbox
2018-03-29 12:13 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-29 10:57 - 2015-05-19 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-28 06:19 - 2017-07-08 02:14 - 000000000 ____D C:\Users\netdisk\AppData\Local\GoToMeeting
2018-03-28 00:31 - 2018-02-11 19:54 - 000003820 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-28 00:31 - 2018-02-11 19:54 - 000003724 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-26 18:08 - 2018-02-12 10:43 - 000000000 ___RD C:\Users\netdisk\3D Objects
2018-03-26 18:07 - 2018-02-11 19:07 - 002181096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-26 18:03 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-26 18:03 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-26 18:03 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-26 17:03 - 2011-11-30 11:08 - 000000000 ____D C:\Users\netdisk\Shared Files
2018-03-26 15:52 - 2018-02-26 18:00 - 000000000 ____D C:\Users\netdisk\AppData\Local\upsciml
2018-03-26 15:12 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-26 15:07 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-26 15:07 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-26 14:44 - 2017-09-29 01:45 - 018612224 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-23 14:39 - 2018-02-26 17:58 - 002888704 _____ C:\WINDOWS\system32\msapibhsvc.exe
2018-03-23 14:35 - 2016-10-03 15:38 - 000000032 _____ C:\Users\netdisk\Desktop\New Text Document.txt
2018-03-23 10:06 - 2011-07-21 10:53 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 10:06 - 2011-07-21 10:53 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 16:12 - 2018-02-16 12:49 - 000000031 _____ C:\Users\netdisk\Desktop\New Text Document (3).txt
2018-03-19 13:24 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-19 13:23 - 2013-11-04 15:08 - 000007592 _____ C:\Users\netdisk\AppData\Local\Resmon.ResmonCfg
2018-03-19 13:16 - 2011-12-06 15:04 - 000000000 ____D C:\Program Files (x86)\TomTom HOME 2
2018-03-19 12:55 - 2018-02-11 19:54 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2445136535-42582293-1619217398-1000
2018-03-19 12:55 - 2016-07-27 09:38 - 000002412 _____ C:\Users\netdisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 12:54 - 2016-07-27 09:38 - 000000000 ___RD C:\Users\netdisk\OneDrive
2018-03-19 12:22 - 2015-05-19 12:26 - 000000000 ____D C:\Program Files (x86)\xxMalwarebytes Anti-Malware
2018-03-16 13:34 - 2013-05-21 10:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-16 13:34 - 2011-07-19 13:48 - 000001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-13 16:34 - 2018-02-11 19:54 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 16:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 16:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-12 12:35 - 2018-02-10 19:16 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-09 12:04 - 2018-02-11 19:18 - 000000000 ____D C:\Users\DefaultAppPool
2018-03-09 10:54 - 2013-03-18 09:36 - 000000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleFornetdisk.job
2018-03-08 16:28 - 2018-02-11 19:54 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFornetdisk

==================== Files in the root of some directories =======

2013-12-19 10:31 - 2014-11-03 14:29 - 000000132 _____ () C:\Users\netdisk\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-05-09 10:11 - 2011-12-03 08:07 - 000001854 _____ () C:\Users\netdisk\AppData\Roaming\GhostObjGAFix.xml
2012-11-15 15:09 - 2016-07-29 10:16 - 000000600 _____ () C:\Users\netdisk\AppData\Roaming\winscp.rnd
2018-03-09 10:52 - 2018-03-09 10:52 - 000000000 ____H () C:\Users\netdisk\AppData\Local\BITF98D.tmp
2013-05-21 13:30 - 2012-11-23 05:54 - 000196608 _____ () C:\Users\netdisk\AppData\Local\common_functions.dll
2012-01-16 12:32 - 2012-01-16 12:40 - 000000080 _____ () C:\Users\netdisk\AppData\Local\CrystalDiskMark30.ini
2012-11-23 05:54 - 2012-11-23 05:54 - 000114688 _____ () C:\Users\netdisk\AppData\Local\ie_runner_app.exe
2013-05-21 13:30 - 2012-06-26 03:59 - 000940544 _____ (Apache Software Foundation) C:\Users\netdisk\AppData\Local\log4cxx.dll
2013-01-21 11:25 - 2017-08-07 16:01 - 000000600 _____ () C:\Users\netdisk\AppData\Local\PUTTY.RND
2013-11-04 15:08 - 2018-03-19 13:23 - 000007592 _____ () C:\Users\netdisk\AppData\Local\Resmon.ResmonCfg
2016-01-13 18:05 - 2016-01-13 18:05 - 000001352 _____ () C:\Users\netdisk\AppData\Local\UTS.zip
2018-03-09 10:51 - 2018-03-09 10:52 - 000000000 _____ () C:\Users\netdisk\AppData\Local\{016D8F07-B166-45E8-9C62-C58DE7D1752D}

Some files in TEMP:
====================
2018-04-03 10:29 - 2018-02-09 23:15 - 001954048 _____ (Microsoft Corporation) C:\Users\netdisk\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-05 12:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by netdisk (06-04-2018 10:50:14)
Running from C:\Users\netdisk\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-02-12 02:56:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2445136535-42582293-1619217398-500 - Administrator - Disabled)
Daniel (S-1-5-21-2445136535-42582293-1619217398-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-2445136535-42582293-1619217398-503 - Limited - Disabled)
Guest (S-1-5-21-2445136535-42582293-1619217398-501 - Limited - Disabled) => C:\Users\Guest
netdisk (S-1-5-21-2445136535-42582293-1619217398-1000 - Administrator - Enabled) => C:\Users\netdisk
rhian (S-1-5-21-2445136535-42582293-1619217398-1028 - Limited - Disabled)
thecr (S-1-5-21-2445136535-42582293-1619217398-1027 - Limited - Disabled)
visitor (S-1-5-21-2445136535-42582293-1619217398-1029 - Limited - Enabled) => C:\Users\visitor
WDAGUtilityAccount (S-1-5-21-2445136535-42582293-1619217398-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Attribute Changer 7.10g (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10g - Romain Petges)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2003647742.48.56.34082162 - Audible, Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BB FlashBack Express 5 (HKLM-x32\...\BB FlashBack Express 5) (Version: 5.10.0.3715 - Blueberry)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Classic PhoneTools (HKLM-x32\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 9.00 - Avanquest software)
CrystalDiskMark 3.0.2e (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy Macro Recorder 4.6 (HKLM-x32\...\Easy Macro Recorder_is1) (Version:  - GoldSolution Software, Inc.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Getif 2.3.1 (HKLM-x32\...\Getif 2.3.1) (Version:  - )
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToAssist Customer 4.3.0.1575 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.3.0.1575 - LogMeIn, Inc.)
GoToMeeting 8.24.0.8569 (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\GoToMeeting) (Version: 8.24.0.8569 - LogMeIn, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version:  - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPCarePackCore (HKLM-x32\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (HKLM-x32\...\{F3A52623-4890-415D-A43A-F71A3A39C273}) (Version: 2.0.0.1 - HP) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
ID3 Tag Editor 1.0 (HKLM-x32\...\{671DC096-9262-4943-A3D8-ED8A757B60D5}_is1) (Version:  - ID3TagEditor.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
MakeitOne - MP3AlbumMaker (HKLM-x32\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MediaInfo 0.7.53 (HKLM\...\MediaInfo) (Version: 0.7.53 - MediaArea.net)
Metrologic Optimus WQHL USB Driver (Driver Removal) (HKLM-x32\...\OPT_COMM&10C4&EA60) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2445136535-42582293-1619217398-1029\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.2 (x86 en-US)) (Version: 17.0.2 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\WT089299) (Version: 2.2.0.95 - WildTangent) Hidden
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OpenSSL 1.0.1e Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerSNMP Free Manager (HKLM-x32\...\{75332D2F-365B-4337-96B1-129619B8A304}) (Version: 0.9.7 - Dart Communications)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
QuickBooks (HKLM-x32\...\{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}) (Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2014 (HKLM-x32\...\{46984AEC-E137-4567-8A1A-8BC71862611F}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
R-Drive Image 5.1 (HKLM-x32\...\R-Drive Image 5.1NSIS) (Version: 5.1.5101 - R-Tools Technology Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
RogueKiller version 12.12.11.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.11.0 - Adlice Software)
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Skype Meetings App (HKLM-x32\...\{97B72E44-5225-4838-80EC-055749300845}) (Version: 16.2.0.69 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Streaming Video Recorder V4.8.8 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.8.8 - APOWERSOFT LIMITED)
SUPER © v2018.Build.72+3D+Recorder version released on (2018/ (HKLM-x32\...\{FF4FC605-F906-405E-B62B-1FC3A236C052}_is1) (Version: released on (2018/01/13), - eRightSoft)
SUPER © +Recorder.2013.55 (Mar 7, 2013) version +Recorder.2013. (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: +Recorder.2013.55 - eRightSoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TalkSwitch 7.11 (HKLM-x32\...\{bc0e0bcf-d26e-46a9-8917-2d5013f83e7a}) (Version: 7.11.006.001 - Talkswitch)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Helios)
Tftpd32 Standalone Edition (remove only) (HKLM-x32\...\Tftpd32) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
USBInstaller 1.0 (HKLM-x32\...\USBInstaller_1.0) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinImage (HKLM\...\WinImage) (Version:  - )
WinImage (HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\WinImage) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.60 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.2 - win.rar GmbH)
WinSCP 5.1.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1.1 - Martin Prikryl)
Wireshark 1.4.6 (HKLM-x32\...\Wireshark) (Version: 1.4.6 - The Wireshark developer community, hxxp://www.wireshark.org)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Citrix\GoToMeeting\4376\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2445136535-42582293-1619217398-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\netdisk\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-03-31] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-03-31] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2014-01-08] (Romain Petges)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files (x86)\Attribute Changer\acshell.dll [2014-01-08] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-03-31] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-03-31] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2445136535-42582293-1619217398-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\netdisk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05E07D1D-1B4A-47F3-94E6-02A0E240DD41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0AA7A727-79F6-403C-AFD1-4BB0CA6CB627} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d257f0cfb5a2d1 => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0C9CAC21-B824-493A-BCAC-0B43C0AAFBBF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0CF47091-A41F-42F2-98D3-6147EA36D5DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1643A1BE-CF19-4044-8D80-E3157932C9F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {1A5956B7-2798-489E-ACEC-BD75A05D23AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1EED0F88-7B5F-48DF-9D2F-17F7991B542B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {24BAE897-4EB6-4173-B716-5B7E72389D4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {264A3827-6EAB-4151-B47B-B6D31A80E5A4} - System32\Tasks\jblr1QhIHqJY => jblr1qhihqjy.exe <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29A6D2EE-0EFA-42C6-89F0-5FFE5C49ECFC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000 => C:\Users\netdisk\AppData\Local\GoToMeeting\8569\g2mupdate.exe [2018-03-28] (LogMeIn, Inc.)
Task: {2B8CF09D-BBCC-4A06-AB68-18766F4E82AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2E0CAD06-3C25-4299-BD99-7E96ABD7DF39} - \Default2Check -> No File <==== ATTENTION
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3E6D2914-98BD-4D4F-9EFB-B6D2BDF7C6AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d257f0cfc88f2b => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4AF30B61-4F68-4900-AD46-2D5F6577B1DF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-31] (Microsoft Corporation)
Task: {50882AD3-FBFC-490B-B0DB-3829CD711BA8} - \DefaultCheck -> No File <==== ATTENTION
Task: {5192BC78-DAA1-4506-A2F3-A2564AC9308A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {57E04A39-15E3-49ED-9C23-E9A6215C00F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {592B121B-283F-49A8-8890-EED2850CF99D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {656669D4-2F32-4B36-BCB1-22C6C18CBFDC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d23719ee0c21a2 => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {6AECFEB8-0EF4-45DB-A03B-AD6348302FBB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2445136535-42582293-1619217398-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F2F0EAC-B626-49CE-AF09-AC018F8C1AA4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {764E3369-B0B9-48A0-8393-53E344819D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {78F7E53C-3E41-4EF1-8735-63B616589779} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87A415D9-939F-4301-94E0-4F5FFACEA7B3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2445136535-42582293-1619217398-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {881D6E10-C240-4B6A-A1D8-3FF5574CBB94} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {8B09DB78-9DF3-421E-9FCD-4C40D418F834} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {98CF7226-1D02-42E5-83B1-F30834CDCC92} - System32\Tasks\HPCeeScheduleFornetdisk => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {98DE7B0D-84BE-40D3-A4FE-3FE74018C23A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DD3B602-1179-4D46-AF2F-B2F331A8E309} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A0BD75FC-793B-4FC5-982E-D0EB7FE77B9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFC1842D-E476-4940-8D98-36C8DD28A9C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B191BF9B-506A-4E91-9769-F3508E2372A9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB8F0ED2-34DE-4B88-B937-574586052774} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BEAF8068-3E20-476A-BC8D-46883803FB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C01E04FA-43A3-48C2-A799-1FB5BEB27A60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d23719edf6773c => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {C40202E4-A449-4B08-A50F-FFF6AA3CBED9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5E83986-FC3F-42CA-B271-E76CCC7DC674} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D1EEA019-1A57-437D-BF19-8F900715E250} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D56C1DE8-889F-41F2-A8B6-D83FC71F3D48} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-31] (Microsoft Corporation)
Task: {DD48C4CB-B213-4219-903A-E0A510489496} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DEF48442-E6C2-407C-BDD9-C88DA55446C8} - System32\Tasks\HP WEP => C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exe [2007-04-25] ()
Task: {E162D131-AF61-455E-8053-1683C9394126} - System32\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000 => C:\Users\netdisk\AppData\Local\GoToMeeting\8569\g2mupload.exe [2018-03-28] (LogMeIn, Inc.)
Task: {E625366B-DAE4-451E-A134-8F183D67F169} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9479381-F5BD-46D9-B26C-99B039358A8A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-31] (Microsoft Corporation)
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD50FCF1-5F05-4A6E-BE66-988024E47332} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core1d23719edf6773c.job => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA1d23719ee0c21a2.job => C:\Users\netdisk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2445136535-42582293-1619217398-1000.job => C:\Users\netdisk\AppData\Local\GoToMeeting\8569\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2445136535-42582293-1619217398-1000.job => C:\Users\netdisk\AppData\Local\GoToMeeting\8569\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000Core.job => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2445136535-42582293-1619217398-1000UA.job => C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files (x86)\Hp\Dfawep\bin\hpbdfawep.exeWIN10TEST\visitor$Task for execution of hpbdfawep.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFornetdisk.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-24 02:14 - 2016-11-14 04:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-01 14:44 - 2012-06-01 14:44 - 000188416 _____ () C:\Program Files (x86)\Talkswitch\UDPLogger\UDPLogger.exe
2018-03-29 10:57 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-26 15:04 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-26 15:04 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-27 10:40 - 2018-03-27 10:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 10:40 - 2018-03-27 10:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-27 10:40 - 2018-03-27 10:41 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-27 10:40 - 2018-03-27 10:41 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-27 10:40 - 2018-03-27 10:40 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-16 08:35 - 2018-02-16 08:36 - 025843200 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-02-16 08:35 - 2018-02-16 08:36 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-16 08:35 - 2018-02-16 08:36 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-12-01 16:39 - 2017-12-01 16:40 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-25 20:46 - 2017-09-25 20:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-16 08:35 - 2018-02-16 08:36 - 005527040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2018-04-03 12:45 - 2018-04-03 12:46 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-04-03 12:45 - 2018-04-03 12:46 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-03-29 11:58 - 2018-03-29 11:59 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-04 12:39 - 2017-10-04 12:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-16 08:36 - 2018-02-16 08:37 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-29 11:58 - 2018-03-29 12:00 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 11:58 - 2018-03-29 12:00 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-03-29 11:58 - 2018-03-29 11:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-04-03 12:45 - 2018-04-03 12:46 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-29 11:58 - 2018-03-29 11:59 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-04-03 12:45 - 2018-04-03 12:45 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 23:45 - 2018-03-01 23:47 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-01 15:05 - 2018-02-01 15:06 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-29 11:58 - 2018-03-29 11:59 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-03-29 11:58 - 2018-03-29 12:00 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-29 11:58 - 2018-03-29 12:00 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-04-03 12:45 - 2018-04-03 12:46 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.0_x64__8wekyb3d8bbwe\SKU.dll
2018-04-06 10:33 - 2018-04-06 10:33 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 13:49 - 2018-03-09 13:50 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-29 13:34 - 2018-03-28 07:31 - 000746312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-29 13:34 - 2018-03-28 07:31 - 002079048 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-03-29 13:34 - 2018-03-28 07:30 - 000100312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000018896 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\select.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000020808 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000035808 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000694232 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000130520 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 001856864 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000022880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000145880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-29 13:34 - 2018-03-28 07:31 - 000116696 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-03-29 13:34 - 2018-03-28 07:30 - 000105944 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000022872 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000063312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000024536 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000077120 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-29 13:34 - 2018-03-28 07:31 - 000392664 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-03-29 13:34 - 2018-03-28 07:30 - 000020952 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000124888 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000114136 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000392520 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000026464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000043480 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000024024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000175576 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000030168 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000026072 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000048600 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000057816 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000021840 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000023376 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000022864 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000066400 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 001798464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000084944 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 001959232 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 003863880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000155472 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000521544 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000051024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000043336 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000131400 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000219984 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000204104 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000025440 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000060888 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000054616 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000024024 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000022880 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000087904 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000028632 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000022368 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000022368 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000027496 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-29 13:34 - 2018-03-28 07:30 - 000349144 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000101704 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2018-03-29 13:34 - 2018-03-28 07:33 - 000023904 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000025432 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-29 13:34 - 2018-03-28 07:31 - 000036312 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\librsync.dll
2018-03-29 13:34 - 2018-03-28 07:32 - 000032608 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2018-03-29 13:34 - 2018-03-28 07:31 - 000293392 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2018-03-29 13:34 - 2018-03-28 07:33 - 000021856 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000181064 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-03-29 13:34 - 2018-03-28 07:33 - 000030544 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000024384 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-29 13:34 - 2018-03-28 07:32 - 001638208 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-03-29 13:34 - 2018-03-28 07:33 - 000026464 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000546632 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000359744 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-29 13:34 - 2018-03-28 07:32 - 000038216 _____ () C:\Users\netdisk\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2009-02-26 13:46 - 2009-02-26 13:46 - 000064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 000434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2018-02-23 13:20 - 2018-03-31 04:02 - 000164528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 000136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2013-12-17 11:16 - 000001033 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 update.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\netdisk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp1.jpg
HKU\S-1-5-21-2445136535-42582293-1619217398-1029\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\netdisk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKU\S-1-5-21-2445136535-42582293-1619217398-1000\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DA368080-67D7-477F-AAA9-2BF5AB3D5094}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{FE8D9164-0C57-41AC-A0CF-85CFEEC511B4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{EBE7B0C1-D0D0-4CD6-BA2B-6CF27710F657}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{912C837C-ED5C-4DDB-8389-F13D8FE3127B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{83B0F4AD-FE09-432E-A133-B356D415121E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{22D38E6B-729A-4032-ABF7-826D200E9C76}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6576708F-8709-4360-8053-60EB3E8047D0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{CB126FBF-6A2E-4BC9-B846-7E87C20BAB7C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{3AE89656-EBFE-4D24-970F-83620B7B66B3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{C5BA4F1F-2601-411B-B586-2034F65ABBA0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{2625CE63-C463-447E-A8CE-2DD49483605D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{3A4E53AD-5217-45FC-97F6-55AEF202BFA9}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{A3FFDBF7-6D41-46BE-844F-F9BC2DF5C944}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{E5992308-4CBA-4EA3-90EA-1B1C33FC3DE8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A9D9292E-A2BB-406B-B809-70D50F61B3AC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{029A5063-3DED-4793-93E2-974B74D1A676}] => (Allow) LPort=2869
FirewallRules: [{3850A6DE-E568-4121-9B8F-95FB028319FB}] => (Allow) LPort=1900
FirewallRules: [{E37B6E5A-C074-4246-9707-57C93A4CCAA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{553D9413-EA3E-4AA1-A034-90702B868B1F}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe
FirewallRules: [UDP Query User{29F4CE1C-0473-4A45-B6D7-59D7D73DBFCA}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe
FirewallRules: [TCP Query User{10E2C4ED-F684-4371-8C3A-8B4FDA0CE6BE}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{8FB5DE5F-E1E9-48F3-B39A-A4954A0FE4A6}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{6340EC22-2251-4EFC-9273-F769BC999B5E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{CDC1456A-53B6-4286-9F41-7FE0FC789C3C}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{4EBA76CD-D924-4E1A-9E6B-FAE08AEFDB46}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{3367EB99-1AE3-42B6-B499-E3175F694618}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{291B9F39-E1DC-4747-96A7-F9F649AC389F}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{73E55073-1004-464A-9585-D6B0601140C0}] => (Allow) C:\Program Files\UltraVNC\winvnc.exe
FirewallRules: [{C4C703FF-F930-4A74-890C-D23D79172E91}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{9EFA11A1-C9F8-4B8D-9EBE-40BBFDA737ED}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{0A2451AC-0710-4FBC-96C3-6B5E4061497D}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{7D5662E2-7B73-4D59-8485-1A0FA26E79A7}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [TCP Query User{54D71D64-5508-48A2-B2C5-B88551AFF8C3}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{93A04398-34DF-4FF3-90A1-154CAFD59756}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{B60396A6-3637-41B9-8882-7D77C350AC17}C:\program files (x86)\iperf\iperf.exe] => (Allow) C:\program files (x86)\iperf\iperf.exe
FirewallRules: [UDP Query User{84249A13-348C-4511-953C-629F15ECC1E8}C:\program files (x86)\iperf\iperf.exe] => (Allow) C:\program files (x86)\iperf\iperf.exe
FirewallRules: [{D2C62451-4BDD-4665-9730-BBABF08A5487}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA4E126D-072B-4379-8110-0A3433764453}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8FABDD46-8A80-42A9-BB29-C7AEC1EAE9CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3076AD06-6AF1-41A5-BDAF-E3E58E438CDD}] => (Allow) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BEEA36AA-9B3E-4183-AE3E-17E557768636}] => (Allow) C:\Users\netdisk\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{13E1DD12-C109-4235-A3AE-30F821279F15}C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6A44B1F8-F333-47EE-8197-72B7D8151281}C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\netdisk\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AB6340D4-EDFE-4826-B474-53AF6449C8D7}] => (Allow) C:\Users\netdisk\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E646A1C4-D57B-4E4F-88E5-192D4F13A504}] => (Allow) C:\Users\netdisk\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{852E0C8F-299B-4582-91DF-5D2EE4CCC6A5}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{C6A56931-58C8-48D6-9817-55D118D2CB95}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{E24677C2-51D8-48DC-8254-40103BA7DDC0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D16E9563-F7C3-40B0-9A6B-B56DA2B52C2B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B5ADD53D-F97B-4792-A2BE-26EEB5A73B66}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3C951FB5-6F28-439F-8B8A-019F44D47445}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{B39568AB-23EE-4DB8-BF10-6EE845BD18C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{01318FBB-9EB0-4927-ACD9-8E750F8FAF18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{358F838A-FCF1-4950-981C-DADFEF7953C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{FD11B76C-4953-4229-A210-8DAF185D86A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF499C42-F794-42C0-B50B-15CD44A8B42C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DC9702E1-DD4F-4216-9946-7E8AB3BDBF82}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B0116B28-CC2F-46D3-A0E9-EFFF8D46ACB8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AF74B743-7191-474C-9214-D59A029E0E30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CCC2F5EC-DA66-4746-9330-72548A12583F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BF76043C-4783-4063-9E2F-C8DB6CD1D9AC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BDF1DC14-9103-4DDD-9C7D-DC7F4B259CE2}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6092E1A-169D-4573-96F2-305EC1FA3B0E}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D0DBDD05-4B67-4839-B0AF-9B600058404A}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{3A076132-9836-4183-9928-8F1BAAEE39F7}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{4ED522E9-6F28-4FB0-9450-3CA34CC353AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FCA75B8B-BFAD-45DF-B635-F5F306A0618B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{75DF456D-D551-4B92-B13E-D6FD5CC1F5AD}C:\users\netdisk\downloads\winbox.exe] => (Allow) C:\users\netdisk\downloads\winbox.exe
FirewallRules: [UDP Query User{07F3057C-C110-4521-9117-85E9938ED18D}C:\users\netdisk\downloads\winbox.exe] => (Allow) C:\users\netdisk\downloads\winbox.exe
FirewallRules: [TCP Query User{579A0C57-A4F6-498C-AA8C-214CE903FE82}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [UDP Query User{D7E0C752-90A0-4900-8595-E1EE428EDFD8}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [TCP Query User{65995C51-B558-498D-BAB5-CA7CD7D1569A}C:\program files (x86)\intermapper\intermapper.exe] => (Allow) C:\program files (x86)\intermapper\intermapper.exe
FirewallRules: [UDP Query User{3447B81C-E499-450B-9226-CD8E4F34D021}C:\program files (x86)\intermapper\intermapper.exe] => (Allow) C:\program files (x86)\intermapper\intermapper.exe
FirewallRules: [{4AD1FA1E-3688-42E1-A281-D4D62C2F92AD}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{334EBA92-8161-4FEB-B9D6-384ACABB2704}] => (Allow) C:\Users\netdisk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FC12BD0-6D1A-4410-A800-EF70A17C7A97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{18095FCD-2965-41A8-9D9D-EB63982BA3DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{550286B0-0D89-4AEE-8AAA-33E5E5DBBF8D}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [UDP Query User{698065C7-AED6-4BAE-AAD4-8B05348300A2}C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe] => (Allow) C:\program files (x86)\powersnmp\free manager\powersnmp free manager.exe
FirewallRules: [{1981F5B2-80C7-432C-8713-1715D1B7B96E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26CA206F-5191-4A77-9DA3-359148357ACE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9B662ECF-26A8-403E-9A95-FC9E685E3447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{64C6F69E-446D-4719-9E1F-114E05FD2952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{8375DCA4-8BFD-448B-BDFE-5C618D6DB405}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2A202E2-BF6D-4F04-88D6-B0D1AC44B3BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F69E845B-0CA9-48ED-B1D3-AE0AF15D8A13}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{DC7291E1-4365-4BCF-8D59-673CC8AB73EF}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{026D43D2-D443-4234-BAC4-16B5DAB3DD23}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{B2630212-1933-4E12-BE75-F81A8C98144F}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{30B01A47-BEC2-4F02-990C-D9CA3CF2348D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{72B3AA47-538E-4387-BAB5-303549E355C0}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{79B67C10-CC73-4635-9098-8546EE0496C7}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{79984AAE-0322-4768-A756-B531D70B96DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{C0469682-3AA3-42D9-9100-9E86DA641B36}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{091B0542-3277-498B-BE5E-817F56D9BCA6}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{CB645352-6051-4DD6-B098-A9D85E450199}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{5D0FA631-48C2-4450-A60F-21487B70250A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{0CC6346A-BDF6-41EE-911C-F585A508A0F9}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [{307F8E90-D5B8-481D-8BE4-44B830EE9FF3}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [TCP Query User{EA806738-24E3-4BCD-931C-C03F4C2C8DB0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CB76023C-0243-42C0-811B-F709BE6962BC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F88D44A-2D78-49B8-B0F5-3FF4155AAF36}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{D22DA6FE-D172-4E54-87CC-7A7E37BE830D}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{22B888B8-DC4B-4A59-B1DE-ECCC0C32D130}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{6294759B-FAF5-4882-A49C-537AD331506B}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{B0C68E1D-DC90-43AA-B2CD-3055067A8A3A}] => (Allow) C:\Users\netdisk\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{50689D62-B015-44E5-BF3C-F475DC7AC75A}] => (Allow) C:\Users\netdisk\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{B6DB8221-88D6-451E-BB73-E33AFA2F8B7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{4323612D-475D-4554-93C0-1A50E3D3D888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{48266613-E62B-48FF-B9B6-E8657633D8A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02E82C3E-087E-4A7B-A8FD-A1D8D9E6BAA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28379A10-3340-4FA7-9FA2-C7B103A8AB28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{98CD61E2-0FC9-477D-BDDB-8531AE8CC41B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{75A99DA4-36E7-4360-9B3B-19F72981D3A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB5D5E11-6792-44D8-A148-DDAE89BB3E3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{115040A4-FE89-475A-ABAA-15115EE9EE6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{600225BF-E21F-45E4-BD0D-500B389ABDC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9AB48AB-8D31-44E3-8D98-DB1C1C550AE2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A306180-1AA8-4662-9B30-6814DC1BAF43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D92CA14F-62FD-40C9-BA85-0025CCBD1D60}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8B7F4452-F302-4321-BB0A-DD5B01130450}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
26-03-2018 12:31:30 Scheduled Checkpoint
04-04-2018 14:48:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/05/2018 03:43:58 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/04/2018 03:43:59 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/03/2018 04:58:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000041
Faulting process id: 0x630
Faulting application start time: 0x01d3cba79ee4d254
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: e7145323-c5bf-4fa7-bd87-5efb9c59060d
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (04/03/2018 03:43:58 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/03/2018 03:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000041
Faulting process id: 0x348
Faulting application start time: 0x01d3cb99020380cc
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 89e53b2b-58b9-48e4-81db-2ed57faf1bfa
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (04/03/2018 01:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000041
Faulting process id: 0x3934
Faulting application start time: 0x01d3cb8d4d3040c4
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: b287436a-c607-4188-b26b-f3710d1b0f21
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (04/03/2018 12:09:16 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Enterprise 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (04/03/2018 12:09:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Enterprise 2007 -- Error 2902.An internal error has occurred.  (ixfAssemblyCopy                  ) Contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seePSS10R.CHM.

System errors:
=============
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/05/2018 09:39:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-03-23 11:22:34.267
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {06FF5EBB-1959-49FD-B386-824BD63313E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-03-09 10:16:42.488
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ABE279F6-D414-4C95-BACD-30EC7899669E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-04-02 18:21:53.771
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1805.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2018-04-02 18:21:53.770
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2018-04-02 18:20:50.590
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1805.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2018-04-02 18:20:50.589
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1805.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2018-04-02 18:20:50.589
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1805.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out
CodeIntegrity:
===================================
Date: 2018-04-06 10:48:18.581
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:48:18.579
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:34:25.995
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:34:25.992
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:34:22.819
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:34:22.818
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:33:43.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-04-06 10:33:43.381
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 6103.07 MB
Available physical RAM: 2062.12 MB
Total Virtual: 14039.07 MB
Available Virtual: 8071.46 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.92 GB) (Free:96.67 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{a6bde143-5bcd-11e0-879a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{e9189d1d-0000-0000-0000-5081e5000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9189D1D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:52 PM

Posted 06 April 2018 - 02:04 PM

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 thefamousmred

thefamousmred
  • Topic Starter

  • Members
  • 17 posts
  • Local time:06:52 PM

Posted 06 April 2018 - 07:13 PM

Here is the fixlog, thanks!
 
