
I got a malware that uses service for some reason (logs included)


16 replies to this topic

#1 Iwillsolo


Posted 09 April 2018 - 10:18 AM

This is all I can get from Process Explorer.

I got Comodo Antivirus (the only one I was able to install, and Malwarebytes).

Any other antivirus / adware / malware closes instantly when I try to install it (because of that virus/malware or whatever it is).

When I search for something like hacker, hack, adware it closes my browser instantly (Firefox, Chrome, IE, Edge).

When I try to restart my laptop I get a BSOD.

I tried to remove that Registry, but it comes again once I restart my laptop, but with a different name.

I need a fast solution please, I will be available all the time looking for any response on my thread.

 

[Attached screenshots: frir6j4.png, nF1Po6A.png, KcXumbF.png, vj5RFD7.png, pCEZ0eT.png]




 


#2 Iwillsolo


Posted 10 April 2018 - 05:45 AM

All threads got answers but my thread....



#3 Iwillsolo


Posted 13 April 2018 - 10:57 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Abdal (administrator) on DESKTOP-MD9A7SQ (13-04-2018 17:45:31)
Running from C:\Users\Abdal\Downloads\Programs
Loaded Profiles: Abdal & SSASTELEMETRY & SQLTELEMETRY & MSSQLServerOLAPService & MSSQLSERVER (Available Profiles: Abdal & SSASTELEMETRY & SQLTELEMETRY & MSSQLServerOLAPService & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\sqlceip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitsum LLC) C:\Program Files\ParkControl\ParkControl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswtrayutil.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Users\Abdal\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileCoAuth.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2018-01-10] ()
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [605992 2015-01-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-14] (Realtek Semiconductor)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2018-01-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Win10PDF] => C:\Program Files\PDF Printer for Windows 10\PDF.exe [484352 2014-10-13] (Vivid Document Imaging Technologies)
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1696248 2018-03-09] ()
HKLM-x32\...\Run: [chrome] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222 hxxp://de-mi-nis-ner.info/cdn-38.html?t=0.4
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2015-08-21] (XPExplorer.com - 2015)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [BitTorrent] => C:\Users\Abdal\AppData\Roaming\BitTorrent\BitTorrent.exe [2151616 2018-03-01] (BitTorrent Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Screenleap] => C:\Users\Abdal\AppData\Local\Screenleap\Screenleap.exe [10140136 2018-01-10] (Screenleap, Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Mikogo] => C:\Users\Abdal\AppData\Roaming\Mikogo\Mikogo-host.exe [7827784 2017-10-13] (BeamYourScreen GmbH)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-30] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2017-09-06] (Voobly)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\MountPoints2: {d13e5ef6-dd48-11e7-95a6-e4f89ce10905} - "K:\SISetup.exe"
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
Startup: C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2018-02-08]
ShortcutTarget: GameRanger.lnk -> C:\Users\Abdal\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2018-01-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2939746906-1252596266-2071687770-1001] => 127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{531c56d8-0fc4-4a37-b7bf-d1dd43227539}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{583a3f12-176d-4009-a129-b504de9b238c}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5ef4c2b5-22ec-4173-9702-382a347e4922}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7ddbdef2-eadc-44b3-9099-ef280db4a1b3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{d23c9c53-90f4-4e09-9806-47324dc0f446}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{d23c9c53-90f4-4e09-9806-47324dc0f446}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_152\bin\ssv.dll [2017-12-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_152\bin\jp2ssv.dll [2017-12-22] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2017-07-13] (Red Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-01] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2017-07-13] (Red Software)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1518911704128
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default [2018-04-13]
FF user.js: detected! => C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\user.js [2017-06-30]
FF Extension: (Hoxx VPN Proxy) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\@hoxx-vpn.xpi [2018-04-08]
FF Extension: (WebRTC Leak Shield) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\@webrtc-leak-shield.xpi [2018-04-08]
FF Extension: (Avira Browser Safety) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\abs@avira.com.xpi [2018-03-25]
FF Extension: (Adblock Plus) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-07]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\features\{195210a3-67c7-4249-a3f0-df869e873127}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-06] [Legacy]
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Abdal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Abdal\AppData\Roaming\IDM\idmmzcc5 [2018-04-13] [Legacy] [not signed]
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\dtplugin\npDeployJava1.dll [2017-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.152.2 -> C:\Program Files\Java\jre1.8.0_152\bin\plugin2\npjp2.dll [2017-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2018-01-24] (Nitro Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-07-13] (Red Software)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://feed.online-live-streaming.com/?q={searchTerms}&publisher=live-streaming&barcodeid=521070000000000
CHR DefaultSearchKeyword: Default -> Live-Streaming Search
CHR DefaultSuggestURL: Default -> hxxp://suggest.online-live-streaming.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default [2018-04-09]
CHR Extension: (Skip shorte.st ads) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgkdnnlhmefhnkfilcaaibapeepkfok [2018-04-05]
CHR Extension: (Avira Password Manager) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-04-05]
CHR Extension: (Adblock Plus) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-05]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2018-04-05]
CHR Extension: (Adobe Acrobat) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-05]
CHR Extension: (ARC Welder) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-04-05]
CHR Extension: (minerBlock) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2018-04-05]
CHR Extension: (EverWing Hacks) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbingkbgnhkfpmffjiekekmedohpmfef [2018-04-05]
CHR Extension: (Full Page Screen Capture) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-04-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-04-05]
CHR Extension: (IE Tab) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2018-04-05]
CHR Extension: (Sound Volume Booster that works! Bass audio!) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflaogbiblbidhaogjjagjpjcflipklo [2018-04-05]
CHR Extension: (InstaG Downloader) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-04-05]
CHR Extension: (Bigasoft Video Downloader Pro) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnkpjikgipojkofgjjkfgdhfanggcdm [2018-04-05]
CHR Extension: (Popup Blocker Pro) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-04-05]
CHR Extension: (Live-Streaming  Search) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkkaohmpdgnimeookehemkbgifgecmo [2018-04-05]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2018-04-05]
CHR Extension: (IDM Integration Module) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (AdSkipper) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2018-04-05]
CHR Extension: (Swimbi - CSS Menu Maker) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifipbbfaomegkfhpdbopinkndcdmaop [2018-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-05]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.15.4.6594\BVDChromeExt.crx [2018-01-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.15.3.6535\BVDChromeExt.crx [2018-01-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"MSSQLFDLauncher" => service was unlocked. <==== ATTENTION

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe [481768 2018-03-23] (AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-11] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-12-31] (Microsoft Corporation)
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-29] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S4 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191000 2015-01-27] (Lenovo) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe [319296 2018-04-04] (Garena Online )
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183480 2017-08-10] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2720040 2015-01-30] (Lenovo(beijing) Limited)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 Mikogo-Service; C:\Users\Abdal\AppData\Roaming\Mikogo\Mikogo-Service.exe [1066848 2017-10-13] (BeamYourScreen GmbH)
U3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [60592 2017-08-22] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation)
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [356648 2015-01-30] (Lenovo(beijing) Limited)
S4 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2343728 2017-07-13] (Red Software)
S4 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [757552 2017-07-13] (Red Software)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-09-14] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-30] (Microsoft Corporation)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2018-01-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation)
R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
R2 SSASTELEMETRY; C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\Bin\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-12-05] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH) [File not signed]
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
S4 Win10PDFPrinting; C:\Program Files\PDF Printer for Windows 10\win10PDFPrinting.exe [514048 2014-10-13] (Vivid Document Imaging Technologies) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S3 Intel® SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X]
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmdag.sys [41595872 2018-03-23] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmpag.sys [546280 2018-03-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [98848 2017-11-03] (Advanced Micro Devices, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [53488 2017-12-22] (IVT Corporation.)
R3 cykbfltrService; C:\Windows\system32\DRIVERS\cykbfltr.sys [19968 2015-06-24] (Cypress Semiconductor, Inc.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Windows ® Win 7 DDK provider)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [33320 2018-03-25] (ELAN Microelectronic Corp.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2015-01-27] (Windows ® Win 7 DDK provider) [File not signed]
S3 GMLXDFltr01; C:\Windows\system32\drivers\GMLXDFltr01.sys [19488 2016-10-27] (LXD Development, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [232976 2017-08-10] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2017-12-10] (SoftEther Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3526392 2017-04-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S4 RsFx0500; C:\Windows\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1026896 2018-01-25] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-08-30] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Sandboxie Holdings, LLC)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-11] () [File not signed]
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2018-01-22] (SoftEther Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [45024 2018-01-05] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (The OpenVPN Project)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1143400 2018-04-13] (TENCENT)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [50224 2017-08-21] (USBPcap)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2018-03-16] (Microsoft Corporation)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [57976 2017-04-06] (Shaul Eizikovich)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-03-27] (BigNox Corporation)
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-13 17:35 - 2018-04-13 17:35 - 000000000 ___HD C:\OneDriveTemp
2018-04-13 01:57 - 2018-04-13 01:57 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Tencent
2018-04-12 18:28 - 2018-04-13 01:26 - 000007620 _____ C:\Users\Abdal\AppData\Local\Resmon.ResmonCfg
2018-04-12 05:12 - 2018-04-12 05:12 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-04-11 23:59 - 2018-04-11 23:59 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2018-04-11 22:53 - 2018-04-11 22:53 - 000000000 __SHD C:\ProgramData\FileItem
2018-04-11 22:48 - 2018-04-11 22:48 - 002754490 _____ C:\Users\Abdal\Downloads\Glutamin Cit R0S 1.0 Part 2.rar
2018-04-11 16:35 - 2018-04-11 16:35 - 000472476 _____ C:\Users\Abdal\Downloads\BlackSquadMacrosV1_mpgh.net.rar
2018-04-11 16:35 - 2018-04-11 16:35 - 000000000 ____D C:\Users\Abdal\Downloads\BlackSquadMacrosV1_mpgh.net
2018-04-11 14:29 - 2018-04-11 14:29 - 000000000 ____D C:\ProgramData\LHService
2018-04-11 14:27 - 2018-04-11 14:27 - 000237378 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-04-11 14:26 - 2018-04-11 14:26 - 000000000 ____D C:\ProgramData\LockHunter
2018-04-11 14:18 - 2018-04-11 14:18 - 000077824 _____ C:\Users\Abdal\Downloads\BERCon.exe
2018-04-11 13:21 - 2018-04-11 13:21 - 000000000 ___DL C:\Users\Abdal\OneDrive\Documents\BlackSquad
2018-04-11 02:36 - 2018-04-11 02:36 - 000190976 _____ C:\Windows\vitbo.dll
2018-04-11 02:32 - 2018-04-11 02:33 - 002754177 _____ C:\Users\Abdal\Downloads\Asparagin Cit R0S 9.0(1).rar
2018-04-11 01:05 - 2018-04-11 01:05 - 000000000 _____ C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-04-11 01:05 - 2018-03-13 17:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll
2018-04-11 00:21 - 2018-04-11 00:21 - 000045960 ____N (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-11 00:13 - 2018-04-11 00:21 - 000109800 ____N (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-10 23:57 - 2018-04-10 23:59 - 015474789 _____ C:\Users\Abdal\Downloads\FhfvqxtOqq9G4Hz.rar
2018-04-10 23:37 - 2018-04-13 17:19 - 000000000 ____D C:\Windows\CbsTemp
2018-04-10 19:49 - 2018-04-10 19:49 - 002754177 _____ C:\Users\Abdal\Downloads\Asparagin Cit R0S 9.0.rar
2018-04-10 19:34 - 2018-04-10 19:34 - 000000000 ____D C:\Users\Abdal\Downloads\New folder
2018-04-10 19:29 - 2018-04-10 19:29 - 001349632 _____ C:\Users\Abdal\Downloads\3809.iso
2018-04-10 12:40 - 2018-04-10 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2018-04-10 12:40 - 2018-04-10 12:40 - 000000000 ____D C:\Program Files\Process Hacker 2
2018-04-09 20:08 - 2018-04-09 20:08 - 000000000 ____D C:\Garena
2018-04-09 20:03 - 2018-04-09 20:04 - 000000955 _____ C:\Windows\system32\default_error_stack-000011-000000.txt
2018-04-09 20:03 - 2018-04-09 20:03 - 000436344 _____ C:\Windows\system32\esrv_svc_2.1.0.3413_fc7b66f4-400b-4729-9eb1-8d65b28b4768_2018-04-09p18-03-26-608.dmp
2018-04-09 19:10 - 2018-04-09 19:11 - 000000000 ____D C:\Program Files\Recuva
2018-04-09 19:10 - 2018-04-09 19:10 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-04-09 19:10 - 2018-04-09 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-04-09 19:09 - 2018-04-09 19:10 - 005562976 _____ (Piriform Ltd) C:\Users\Abdal\Downloads\rcsetup153.exe
2018-04-09 18:10 - 2018-04-09 18:10 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Process Hacker 2
2018-04-09 17:28 - 2018-04-09 17:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\32230396.sys
2018-04-09 17:26 - 2018-04-09 18:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-09 17:22 - 2018-04-09 17:25 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Abdal\Downloads\mbar-1.10.3.1001.exe
2018-04-09 17:21 - 2018-04-09 17:22 - 008222496 _____ (Malwarebytes) C:\Users\Abdal\Downloads\adwcleaner_7.0.8.0.exe
2018-04-09 16:41 - 2018-04-09 16:41 - 000008507 _____ C:\Users\Abdal\Downloads\fixlist.txt
2018-04-09 15:27 - 2018-04-13 17:45 - 000000000 ____D C:\FRST
2018-04-09 13:31 - 2018-04-13 01:57 - 001143400 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2018-04-09 03:59 - 2018-04-09 14:31 - 000001205 _____ C:\Users\Public\Desktop\Garena.lnk
2018-04-09 03:59 - 2018-04-09 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2018-04-09 03:58 - 2018-04-09 03:58 - 000003484 _____ C:\Windows\System32\Tasks\gxx speed launcher
2018-04-09 03:58 - 2018-04-09 03:58 - 000000000 ____D C:\ProgramData\Garena
2018-04-09 03:58 - 2018-04-09 03:58 - 000000000 ____D C:\Program Files (x86)\Garena
2018-04-08 15:55 - 2018-04-08 16:03 - 000000000 ____D C:\Users\Abdal\AppData\Local\FreeReign
2018-04-08 15:55 - 2018-04-08 15:56 - 000000000 ___DL C:\Users\Abdal\OneDrive\Documents\FreeReign
2018-04-08 15:55 - 2018-04-08 15:55 - 000000000 ____D C:\Users\Abdal\AppData\Local\CrashRpt
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar Hide
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Eusing
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Program Files (x86)\Taskbar Hide
2018-04-08 03:30 - 2018-04-08 03:31 - 000894561 _____ C:\Users\Abdal\Downloads\THSetup.exe
2018-04-07 21:48 - 2018-04-07 21:48 - 005112480 _____ (Husdawg, LLC) C:\Users\Abdal\Downloads\Detection.exe
2018-04-06 04:13 - 2018-04-06 04:15 - 009774670 _____ C:\Users\Abdal\Downloads\Fortnite FPS increase Pack By Panj.zip
2018-04-06 04:03 - 2018-04-06 04:06 - 000437434 _____ C:\TDSSKiller.2.8.16.0_06.04.2018_04.03.33_log.txt
2018-04-06 04:03 - 2018-04-06 04:03 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\45768521.sys
2018-04-06 03:14 - 2018-04-10 10:12 - 000000000 ____D C:\Windows\Minidump
2018-04-06 02:49 - 2018-03-25 22:19 - 000033320 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2018-04-06 02:49 - 2018-03-16 02:45 - 003938264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2018-04-06 02:49 - 2018-01-31 18:50 - 000227456 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2018-04-06 02:49 - 2017-12-22 01:43 - 000053488 _____ (IVT Corporation.) C:\Windows\system32\Drivers\btcusb.sys
2018-04-06 02:49 - 2017-12-22 01:43 - 000038880 _____ (IVT Corporation.) C:\Windows\system32\btinstall.dll
2018-04-06 02:49 - 2017-11-03 09:13 - 000098848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2018-04-06 02:49 - 2017-10-17 11:06 - 000039504 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys
2018-04-06 02:49 - 2016-10-27 16:52 - 000019488 _____ (LXD Development, Inc.) C:\Windows\system32\Drivers\GMLXDFltr01.sys
2018-04-06 02:49 - 2016-07-14 02:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2018-04-06 02:49 - 2015-06-24 17:39 - 000019968 _____ (Cypress Semiconductor, Inc.) C:\Windows\system32\Drivers\cykbfltr.sys
2018-04-06 01:20 - 2018-04-06 01:20 - 000000072 ___SH C:\bootTel.dat
2018-04-06 01:15 - 2018-04-06 01:15 - 000003200 _____ C:\Windows\ntbtlog.txt
2018-04-06 00:57 - 2018-04-09 17:29 - 000000000 ____D C:\ProgramData\BSD
2018-04-05 23:54 - 2018-04-05 23:55 - 009183528 _____ (Smart Game Booster ) C:\Users\Abdal\Downloads\Smart_Game_Booster_setup.exe
2018-04-05 23:50 - 2018-04-05 23:50 - 000327168 _____ (WZT) C:\Users\Abdal\Downloads\DWS.exe
2018-04-05 23:50 - 2018-04-05 23:50 - 000327168 _____ (WZT) C:\Users\Abdal\Downloads\DWS(1).exe
2018-04-05 23:40 - 2018-04-10 21:27 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-05 04:05 - 2018-04-05 04:05 - 000000000 ____D C:\Windows\pss
2018-04-05 03:11 - 2018-04-11 00:32 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2018-04-05 02:53 - 2018-04-09 17:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-05 02:53 - 2018-04-05 02:53 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-05 02:53 - 2018-04-05 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-05 02:53 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-05 02:49 - 2018-04-11 00:12 - 000000000 ____D C:\AdwCleaner
2018-04-05 02:36 - 2018-04-05 02:36 - 000014169 ____L C:\Users\Abdal\OneDrive\Documents\xxx.torrent
2018-04-05 02:33 - 2018-04-05 02:33 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2018-04-05 02:33 - 2018-04-05 02:33 - 000003074 _____ C:\Windows\System32\Tasks\StartDVR
2018-04-05 02:33 - 2018-04-05 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-04-05 00:08 - 2018-04-05 02:29 - 000000000 ____D C:\AMD
2018-04-05 00:06 - 2018-04-05 00:08 - 025910000 _____ (AMD Inc.) C:\Users\Abdal\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-04-04 23:59 - 2018-04-04 23:59 - 000000000 ____D C:\Program Files (x86)\XPE Windows 10 DPI Fix
2018-04-04 23:44 - 2018-04-04 23:44 - 000000258 __RSH C:\Users\Abdal\ntuser.pol
2018-04-04 23:06 - 2018-04-04 23:06 - 000004945 _____ C:\Windows\system32\default_error_stack-000010-000000.txt
2018-04-04 22:35 - 2018-04-04 22:35 - 000004943 _____ C:\Windows\system32\default_error_stack-000009-000000.txt
2018-04-04 22:04 - 2018-04-04 22:04 - 000004945 _____ C:\Windows\system32\default_error_stack-000008-000000.txt
2018-04-04 21:33 - 2018-04-04 21:33 - 000004945 _____ C:\Windows\system32\default_error_stack-000007-000000.txt
2018-04-04 21:06 - 2018-04-05 03:19 - 000000000 ____D C:\Program Files (x86)\fly
2018-04-04 21:02 - 2018-04-04 21:02 - 000004945 _____ C:\Windows\system32\default_error_stack-000006-000000.txt
2018-04-04 20:31 - 2018-04-04 20:31 - 000004945 _____ C:\Windows\system32\default_error_stack-000005-000000.txt
2018-04-04 20:00 - 2018-04-04 20:00 - 000004945 _____ C:\Windows\system32\default_error_stack-000004-000000.txt
2018-04-04 19:29 - 2018-04-04 19:29 - 000004945 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2018-04-04 18:59 - 2018-04-04 18:59 - 000004945 _____ C:\Windows\system32\default_error_stack-000002-000000.txt
2018-04-04 18:47 - 2018-04-04 18:47 - 000004945 _____ C:\Windows\system32\default_error_stack-000001-000000.txt
2018-04-04 18:08 - 2018-04-04 18:08 - 000004945 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2018-04-03 18:01 - 2018-04-03 18:04 - 000000000 ____D C:\Users\Abdal\AppData\Local\game-debate
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\SocialWebTechLTD
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GD Hardware Scan
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Program Files (x86)\GD Hardware Scan
2018-03-30 14:04 - 2018-03-30 14:04 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-30 14:04 - 2018-03-29 20:02 - 000000239 ___SH C:\Users\Public\Libraries.ini
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\EasyAntiCheat
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Users\Abdal\AppData\Local\FortniteGame
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-29 02:22 - 2018-04-11 23:41 - 000001027 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-03-29 02:22 - 2018-03-29 02:22 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-27 22:42 - 2018-03-27 22:42 - 000000000 ____D C:\Users\Abdal\AppData\Local\MultiPlayerManager
2018-03-27 20:54 - 2018-04-08 20:55 - 000000000 ____D C:\Users\Abdal\vmlogs
2018-03-27 20:54 - 2018-04-08 20:55 - 000000000 ____D C:\Users\Abdal\.BigNox
2018-03-27 20:54 - 2018-03-27 20:54 - 000000066 _____ C:\Users\Abdal\inittk.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000045 _____ C:\Users\Abdal\nuuid.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000041 _____ C:\Users\Abdal\inst.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000000 ____D C:\Users\Abdal\Nox_share
2018-03-27 20:54 - 2018-03-27 20:54 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2018-03-27 20:53 - 2018-03-27 20:54 - 000000000 ____D C:\Program Files (x86)\Bignox
2018-03-27 20:19 - 2018-04-08 21:46 - 000000000 ____D C:\Users\Abdal\AppData\Local\Nox
2018-03-27 16:02 - 2018-03-27 16:03 - 000517404 _____ C:\Users\Abdal\Downloads\projectv3_0_5_1.zip
2018-03-27 15:55 - 2018-03-27 15:57 - 013764510 _____ C:\Users\Abdal\Downloads\FuRoS Loader v.1.147074.147265_ ( undetected 27.03.2018 ).rar
2018-03-26 08:19 - 2018-03-26 08:19 - 000007879 _____ C:\Users\Abdal\Downloads\PUBGM QuantumV1.0.0.lua
2018-03-25 02:07 - 2018-03-25 02:07 - 022723434 _____ C:\Users\Abdal\Downloads\Installer + CRACK Files.rar
2018-03-25 01:12 - 2018-04-12 10:01 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\CC
2018-03-25 00:47 - 2018-03-25 00:47 - 000000686 _____ C:\Users\Public\Desktop\Rules of Survival.lnk
2018-03-25 00:47 - 2018-03-25 00:47 - 000000686 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rules of Survival.lnk
2018-03-25 00:47 - 2018-03-25 00:47 - 000000016 _____ C:\ProgramData\mntemp
2018-03-25 00:47 - 2018-03-25 00:47 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Netease
2018-03-25 00:05 - 2018-04-13 17:36 - 000000000 ____D C:\Users\Abdal\AppData\LocalLow\Mozilla
2018-03-25 00:05 - 2018-03-25 00:09 - 000000000 ____D C:\Users\Abdal\AppData\Local\Mozilla
2018-03-25 00:04 - 2018-04-05 23:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-25 00:04 - 2018-04-05 23:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 00:04 - 2018-04-05 23:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-25 00:04 - 2018-03-25 00:04 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-25 00:03 - 2018-03-25 00:06 - 000000000 ____D C:\Users\Abdal\Downloads\FIRE
2018-03-24 23:57 - 2018-03-25 00:03 - 039353920 _____ (Mozilla) C:\Users\Abdal\Downloads\Unconfirmed 402298.crdownload
2018-03-24 23:54 - 2018-03-24 23:54 - 000029273 _____ C:\Users\Abdal\Downloads\download.html
2018-03-23 22:03 - 2018-03-23 22:03 - 001064936 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-03-23 22:03 - 2018-03-23 22:03 - 000174568 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-03-23 22:03 - 2018-03-23 22:03 - 000151016 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-03-23 22:03 - 2018-03-23 22:03 - 000121392 _____ C:\Windows\system32\kapp_ci.sbin
2018-03-23 22:03 - 2018-03-23 22:03 - 000019272 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2018-03-23 22:03 - 2018-03-23 22:03 - 000019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-03-22 18:50 - 2018-03-22 18:50 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2018-03-22 18:50 - 2018-03-22 18:50 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-03-18 23:46 - 2018-03-18 23:46 - 000000000 ____D C:\Users\Abdal\AppData\Local\DFX
2018-03-18 23:43 - 2018-03-18 23:43 - 000001712 _____ C:\Users\Public\Desktop\FxSound Enhancer.lnk
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\WDAGUtilityAccount\AppData\Roaming\vlc
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\WDAGUtilityAccount
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\Guest
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\DefaultAccount\AppData\Roaming\vlc
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\DefaultAccount
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\Users\Administrator
2018-03-18 23:43 - 2018-03-18 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound Enhancer
2018-03-18 23:42 - 2018-03-18 23:43 - 000000000 ____D C:\Program Files (x86)\DFX
2018-03-18 02:51 - 2018-03-18 02:51 - 000000000 ____D C:\Windows\system32\Drivers\Lenovo
2018-03-18 02:51 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\Windows\system32\WudfUpdate_02000.dll
2018-03-16 22:34 - 2018-03-01 09:29 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-16 22:34 - 2018-03-01 09:23 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-03-16 22:34 - 2018-03-01 09:17 - 000408984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-03-16 22:34 - 2018-03-01 09:14 - 007384576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-03-16 22:34 - 2018-03-01 09:14 - 000147872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-03-16 22:34 - 2018-03-01 09:11 - 000093600 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-03-16 22:34 - 2018-03-01 09:10 - 000075168 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-03-16 22:34 - 2018-03-01 08:28 - 006480616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-16 22:34 - 2018-03-01 08:28 - 002193168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-16 22:34 - 2018-03-01 08:03 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-03-16 22:34 - 2018-03-01 08:03 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-03-16 22:34 - 2018-03-01 08:03 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-03-16 22:34 - 2018-03-01 08:03 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-03-16 22:34 - 2018-03-01 08:03 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-03-16 22:34 - 2018-03-01 08:01 - 019354624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-16 22:34 - 2018-03-01 08:01 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-03-16 22:34 - 2018-03-01 07:58 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-03-16 22:34 - 2018-03-01 07:57 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-03-16 22:34 - 2018-03-01 07:56 - 018922496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-03-16 22:34 - 2018-03-01 07:56 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-03-16 22:34 - 2018-03-01 07:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-16 22:34 - 2018-03-01 07:54 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-16 22:34 - 2018-03-01 07:52 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-16 22:34 - 2018-03-01 07:51 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2018-03-16 22:34 - 2018-03-01 07:50 - 003677184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-16 22:34 - 2018-02-22 04:10 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2018-03-16 22:34 - 2018-02-22 04:03 - 000082848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-16 22:34 - 2018-02-22 04:02 - 000149400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2018-03-16 22:34 - 2018-02-22 04:00 - 000187296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2018-03-16 22:34 - 2018-02-22 03:54 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2018-03-16 22:34 - 2018-02-22 03:51 - 000555424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-03-16 22:34 - 2018-02-22 03:51 - 000045472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2018-03-16 22:34 - 2018-02-22 03:50 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-16 22:34 - 2018-02-22 02:30 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-03-16 22:33 - 2018-03-02 05:36 - 017085440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-03-16 22:33 - 2018-03-02 05:02 - 000037888 _____ C:\Windows\system32\SpectrumSyncClient.dll
2018-03-16 22:33 - 2018-03-02 05:01 - 000640000 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-03-16 22:33 - 2018-03-02 05:00 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Feedback.Analog.dll
2018-03-16 22:33 - 2018-03-02 05:00 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\svf.dll
2018-03-16 22:33 - 2018-03-02 05:00 - 000230912 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-03-16 22:33 - 2018-03-02 04:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-03-16 22:33 - 2018-03-01 22:28 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-03-16 22:33 - 2018-03-01 09:50 - 000270744 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-16 22:33 - 2018-03-01 09:49 - 000389536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-16 22:33 - 2018-03-01 09:48 - 000664472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-16 22:33 - 2018-03-01 09:47 - 000749464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-16 22:33 - 2018-03-01 09:47 - 000035224 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2018-03-16 22:33 - 2018-03-01 09:46 - 002003352 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-16 22:33 - 2018-03-01 09:46 - 001568664 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-16 22:33 - 2018-03-01 09:46 - 000609176 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-16 22:33 - 2018-03-01 09:46 - 000138144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-16 22:33 - 2018-03-01 09:45 - 000070040 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2018-03-16 22:33 - 2018-03-01 09:40 - 002514936 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-16 22:33 - 2018-03-01 09:40 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-03-16 22:33 - 2018-03-01 09:40 - 000273304 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-16 22:33 - 2018-03-01 09:37 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-03-16 22:33 - 2018-03-01 09:31 - 008602520 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-16 22:33 - 2018-03-01 09:30 - 000540064 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-03-16 22:33 - 2018-03-01 09:30 - 000264040 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-03-16 22:33 - 2018-03-01 09:27 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-16 22:33 - 2018-03-01 09:26 - 000170912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-16 22:33 - 2018-03-01 09:25 - 000377752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-16 22:33 - 2018-03-01 09:19 - 000710768 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-03-16 22:33 - 2018-03-01 09:17 - 002710736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-16 22:33 - 2018-03-01 09:17 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-03-16 22:33 - 2018-03-01 09:15 - 002574232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-03-16 22:33 - 2018-03-01 09:14 - 007675784 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-03-16 22:33 - 2018-03-01 09:14 - 005105664 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2018-03-16 22:33 - 2018-03-01 09:14 - 001694224 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2018-03-16 22:33 - 2018-03-01 09:14 - 000356952 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-03-16 22:33 - 2018-03-01 09:14 - 000128928 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2018-03-16 22:33 - 2018-03-01 09:12 - 000677272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-03-16 22:33 - 2018-03-01 09:12 - 000250264 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2018-03-16 22:33 - 2018-03-01 09:12 - 000189344 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2018-03-16 22:33 - 2018-03-01 09:10 - 001779936 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-03-16 22:33 - 2018-03-01 09:10 - 000022936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-16 22:33 - 2018-03-01 09:09 - 001054272 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-03-16 22:33 - 2018-03-01 08:51 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-16 22:33 - 2018-03-01 08:48 - 001930736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-16 22:33 - 2018-03-01 08:39 - 000213400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-03-16 22:33 - 2018-03-01 08:30 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-03-16 22:33 - 2018-03-01 08:29 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-03-16 22:33 - 2018-03-01 08:29 - 000574960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-03-16 22:33 - 2018-03-01 08:28 - 000115096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2018-03-16 22:33 - 2018-03-01 08:27 - 000284112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-03-16 22:33 - 2018-03-01 08:27 - 000221592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2018-03-16 22:33 - 2018-03-01 08:26 - 001524776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-03-16 22:33 - 2018-03-01 08:26 - 001057816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-03-16 22:33 - 2018-03-01 08:23 - 005105664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2018-03-16 22:33 - 2018-03-01 08:21 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2018-03-16 22:33 - 2018-03-01 08:09 - 025251840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-03-16 22:33 - 2018-03-01 08:01 - 006575616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-03-16 22:33 - 2018-03-01 08:01 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-16 22:33 - 2018-03-01 08:00 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-16 22:33 - 2018-03-01 07:59 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-16 22:33 - 2018-03-01 07:58 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-03-16 22:33 - 2018-03-01 07:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2018-03-16 22:33 - 2018-03-01 07:58 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-03-16 22:33 - 2018-03-01 07:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-16 22:33 - 2018-03-01 07:54 - 003664384 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-03-16 22:33 - 2018-03-01 07:54 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-03-16 22:33 - 2018-03-01 07:54 - 001296896 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-03-16 22:33 - 2018-03-01 07:54 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-03-16 22:33 - 2018-03-01 07:53 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-03-16 22:33 - 2018-03-01 07:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2018-03-16 22:33 - 2018-03-01 07:53 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-03-16 22:33 - 2018-03-01 07:52 - 006030336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-03-16 22:33 - 2018-03-01 07:51 - 002329088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-16 22:33 - 2018-03-01 07:51 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-03-16 22:33 - 2018-03-01 07:51 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-16 22:33 - 2018-03-01 07:50 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-16 22:33 - 2018-03-01 07:50 - 000526336 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-03-16 22:33 - 2018-03-01 07:50 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-16 22:33 - 2018-03-01 07:50 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2018-03-16 22:33 - 2018-03-01 07:49 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-03-16 22:33 - 2018-03-01 07:49 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-03-16 22:33 - 2018-03-01 07:49 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountWAMExtension.dll
2018-03-16 22:33 - 2018-03-01 07:49 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-16 22:33 - 2018-03-01 07:48 - 000543232 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2018-03-16 22:33 - 2018-03-01 07:48 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-03-16 22:33 - 2018-03-01 07:47 - 023674368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-16 22:33 - 2018-03-01 07:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2018-03-16 22:33 - 2018-03-01 07:47 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2018-03-16 22:33 - 2018-03-01 07:46 - 004051968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-16 22:33 - 2018-03-01 07:46 - 000770048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2018-03-16 22:33 - 2018-03-01 07:46 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-03-16 22:33 - 2018-03-01 07:45 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-03-16 22:33 - 2018-03-01 07:45 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-16 22:33 - 2018-03-01 07:45 - 000386560 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-16 22:33 - 2018-03-01 07:44 - 008030720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-03-16 22:33 - 2018-03-01 07:44 - 005195776 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-03-16 22:33 - 2018-03-01 07:43 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-16 22:33 - 2018-03-01 07:42 - 003505664 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-16 22:33 - 2018-03-01 07:42 - 002084352 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-03-16 22:33 - 2018-03-01 07:41 - 008103936 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-03-16 22:33 - 2018-03-01 07:41 - 004745728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-16 22:33 - 2018-03-01 07:41 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-16 22:33 - 2018-03-01 07:41 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-16 22:33 - 2018-03-01 07:41 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-16 22:33 - 2018-03-01 07:40 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-03-16 22:33 - 2018-03-01 07:39 - 002222592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2018-03-16 22:33 - 2018-03-01 07:39 - 002035712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-03-16 22:33 - 2018-03-01 07:39 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2018-03-16 22:33 - 2018-03-01 07:39 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-03-16 22:33 - 2018-03-01 07:38 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-03-16 22:33 - 2018-03-01 07:38 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-03-16 22:33 - 2018-03-01 07:36 - 004050432 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-16 22:33 - 2018-03-01 07:36 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-03-16 22:33 - 2018-03-01 07:35 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-16 22:33 - 2018-03-01 07:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-16 22:33 - 2018-03-01 07:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-03-16 22:33 - 2018-02-22 04:23 - 001092016 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-16 22:33 - 2018-02-22 04:23 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-03-16 22:33 - 2018-02-22 04:13 - 000279456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-03-16 22:33 - 2018-02-22 04:13 - 000077216 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-03-16 22:33 - 2018-02-22 04:11 - 000109984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-03-16 22:33 - 2018-02-22 04:08 - 001206688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-03-16 22:33 - 2018-02-22 04:08 - 001055648 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-03-16 22:33 - 2018-02-22 04:08 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-03-16 22:33 - 2018-02-22 04:07 - 001415296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-16 22:33 - 2018-02-22 04:07 - 001209248 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-16 22:33 - 2018-02-22 04:07 - 000194456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2018-03-16 22:33 - 2018-02-22 04:03 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-03-16 22:33 - 2018-02-22 03:59 - 021351624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-03-16 22:33 - 2018-02-22 03:52 - 000103328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-03-16 22:33 - 2018-02-22 03:51 - 000097176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2018-03-16 22:33 - 2018-02-22 03:50 - 000229272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-03-16 22:33 - 2018-02-22 02:41 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-03-16 22:33 - 2018-02-22 02:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2018-03-16 22:33 - 2018-02-22 02:30 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-03-16 22:33 - 2018-02-22 02:30 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-03-16 22:33 - 2018-02-22 02:30 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismp6.sys
2018-03-16 22:33 - 2018-02-22 02:27 - 001282048 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-03-16 22:33 - 2018-02-22 02:26 - 001015296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2018-03-16 22:33 - 2018-02-22 02:26 - 000441344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2018-03-16 22:33 - 2018-02-22 02:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-03-16 22:33 - 2018-02-22 02:16 - 001286144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-03-16 22:33 - 2018-02-22 02:12 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-03-16 21:08 - 2018-03-16 21:11 - 022011464 _____ C:\Users\Abdal\Downloads\You Are Your Own Gym v3.73.apk
2018-03-14 17:02 - 2018-04-10 23:31 - 000003812 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-13 17:39 - 2018-01-21 00:08 - 000045273 _____ C:\Windows\system32\InstallUtil.InstallLog
2018-04-13 17:39 - 2017-12-12 00:45 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-04-13 17:36 - 2018-01-17 00:57 - 000000000 ____D C:\ProgramData\Lenovo
2018-04-13 17:35 - 2017-12-07 02:17 - 000000000 __RDL C:\Users\Abdal\OneDrive
2018-04-13 17:34 - 2017-12-07 11:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-13 17:34 - 2017-12-07 02:30 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-13 17:34 - 2017-12-07 02:30 - 000000000 __SHD C:\Users\Abdal\IntelGraphicsProfiles
2018-04-13 17:20 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-04-13 17:14 - 2017-12-07 11:59 - 002338226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-13 17:11 - 2017-12-07 11:49 - 005078192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-13 17:11 - 2017-12-07 11:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-13 17:08 - 2017-12-07 02:35 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-13 17:08 - 2017-09-29 10:45 - 000786432 _____ C:\Windows\system32\config\BBI
2018-04-13 17:07 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-04-13 17:07 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\system32\F12
2018-04-13 17:07 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-13 17:07 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-04-13 03:06 - 2017-12-10 01:25 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\DMCache
2018-04-13 01:19 - 2017-12-18 23:42 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\vlc
2018-04-12 12:34 - 2018-02-19 00:33 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-11 15:21 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-11 13:20 - 2017-12-07 02:33 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-11 02:36 - 2017-12-07 16:59 - 000617896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2018-04-11 02:36 - 2017-12-07 16:59 - 000163480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2018-04-11 02:36 - 2017-12-07 16:59 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2018-04-11 01:38 - 2017-12-31 00:27 - 000000000 ____D C:\Users\Abdal\AppData\Local\CrashDumps
2018-04-11 01:32 - 2017-12-10 01:25 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\IDM
2018-04-10 23:35 - 2017-12-12 15:07 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-04-10 23:31 - 2018-02-03 07:52 - 000003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 23:10 - 2018-01-03 21:55 - 000000000 ____D C:\Users\Abdal\AppData\Local\ElevatedDiagnostics
2018-04-10 12:54 - 2018-02-11 00:17 - 000000000 ____D C:\Users\Abdal\AppData\Local\LogMeIn Hamachi
2018-04-10 12:32 - 2018-02-19 05:12 - 000000000 ____D C:\Users\Abdal\Downloads\Compressed
2018-04-10 01:42 - 2018-01-21 00:30 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-09 20:07 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 20:07 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-09 19:56 - 2017-12-07 02:13 - 000000000 ____D C:\Users\Abdal
2018-04-09 19:10 - 2017-12-07 02:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-09 18:23 - 2017-12-07 17:19 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Notepad++
2018-04-09 17:29 - 2017-12-10 13:38 - 000000000 ____D C:\Users\SSASTELEMETRY
2018-04-09 17:29 - 2017-12-10 13:38 - 000000000 ____D C:\Users\SQLTELEMETRY
2018-04-09 17:29 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2018-04-09 16:54 - 2017-09-29 15:46 - 000000155 _____ C:\Windows\win.ini
2018-04-09 16:46 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLSERVER
2018-04-09 15:31 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLFDLauncher
2018-04-09 14:27 - 2017-12-19 23:26 - 000001852 _____ C:\Windows\Sandboxie.ini
2018-04-08 20:56 - 2017-12-07 20:22 - 000000000 ____D C:\Users\Abdal\.android
2018-04-07 16:36 - 2018-02-20 01:14 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2018-04-07 01:00 - 2018-03-11 21:15 - 000002014 _____ C:\Users\Public\Desktop\AirDroid.lnk
2018-04-06 02:49 - 2017-12-24 00:45 - 000000000 ____D C:\Program Files\DIFX
2018-04-06 01:06 - 2017-12-10 01:14 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\BitTorrent
2018-04-06 00:26 - 2018-02-20 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fez [GOG.com]
2018-04-06 00:26 - 2018-02-03 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2018-04-06 00:26 - 2018-01-21 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2018-04-06 00:26 - 2018-01-19 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood Knights
2018-04-06 00:26 - 2018-01-18 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gauntlet Slayer Edition
2018-04-06 00:26 - 2017-12-29 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-Developer1412
2018-04-06 00:26 - 2017-09-29 15:49 - 000000000 ____D C:\Windows\Setup
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 __RSD C:\Windows\media
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Registration
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Help
2018-04-05 04:48 - 2017-12-10 01:06 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-04-05 04:19 - 2018-01-19 08:21 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\libraries
2018-04-05 02:38 - 2018-01-21 02:15 - 000000000 ____D C:\Users\Abdal\AppData\Local\AMD
2018-04-05 02:32 - 2018-01-21 02:14 - 000000000 ____D C:\Program Files\AMD
2018-04-05 02:31 - 2018-01-21 02:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-04 21:08 - 2017-12-25 22:26 - 000007180 __RSH C:\ProgramData\ntuser.pol
2018-04-04 21:08 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-03 21:37 - 2017-12-22 21:54 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-03 21:37 - 2017-12-22 21:54 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-31 20:35 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF
2018-03-30 23:08 - 2017-12-10 01:25 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-03-30 13:58 - 2018-01-17 18:35 - 000000000 ____D C:\Users\Abdal\AppData\Local\UnrealEngine
2018-03-29 21:37 - 2017-12-07 02:21 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2939746906-1252596266-2071687770-1001
2018-03-29 21:37 - 2017-12-07 02:17 - 000002367 _____ C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-27 20:44 - 2018-03-12 15:56 - 000000000 ____D C:\Users\Abdal\Downloads\MEmu Download
2018-03-25 23:23 - 2017-12-07 16:59 - 001077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2018-03-25 00:05 - 2017-12-07 02:56 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Mozilla
2018-03-24 03:25 - 2018-03-11 21:15 - 000000000 ____D C:\Program Files (x86)\AirDroid
2018-03-24 03:20 - 2018-03-11 22:00 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\AirDroid
2018-03-23 22:03 - 2018-01-18 18:41 - 016415208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 013993952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 002955752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 002563560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 001249256 _____ (AMD) C:\Windows\system32\coinst_17.50.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000875488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000709608 _____ (AMD) C:\Windows\system32\atieclxx.exe
2018-03-23 22:03 - 2018-01-18 18:41 - 000703464 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000556512 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000552936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000480232 _____ C:\Windows\system32\dgtrayicon.exe
2018-03-23 22:03 - 2018-01-18 18:41 - 000470504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000458720 _____ C:\Windows\system32\GameManager64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000382944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000366568 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000180200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000159208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000151016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000135656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000069608 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000045544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000042472 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-03-23 22:03 - 2018-01-18 18:41 - 000000700 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2018-03-23 22:03 - 2018-01-18 18:41 - 000000700 _____ C:\Windows\system32\amd-vulkan64.json
2018-03-23 22:03 - 2015-07-31 23:10 - 000548392 _____ C:\Windows\system32\amdmiracast.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000186368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000164504 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000154728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000145976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000131256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000121984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000121984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000119784 _____ C:\Windows\system32\atidxx64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000116168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000114152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000103400 _____ C:\Windows\SysWOW64\atidxx32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-03-23 22:03 - 2015-07-31 23:10 - 000099304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 001471968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 001064936 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000467944 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000445928 _____ C:\Windows\system32\amdgfxinfo64.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000414696 _____ C:\Windows\system32\atieah64.exe
2018-03-23 22:03 - 2015-07-31 22:42 - 000361448 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000352232 _____ C:\Windows\system32\clinfo.exe
2018-03-23 22:03 - 2015-07-31 22:42 - 000334816 _____ C:\Windows\SysWOW64\atieah32.exe
2018-03-23 22:03 - 2015-07-31 22:42 - 000233448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000206312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000157672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000133600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-03-23 22:03 - 2015-07-31 22:42 - 000124904 _____ (AMD) C:\Windows\system32\atimuixx.dll
2018-03-23 22:03 - 2015-07-02 06:35 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-03-23 22:03 - 2015-07-02 06:35 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2018-03-23 22:03 - 2015-07-02 06:34 - 000871840 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-03-23 22:03 - 2015-07-02 06:34 - 000871840 _____ C:\Windows\system32\atiapfxx.blb
2018-03-20 22:34 - 2017-12-07 02:17 - 000000000 ____D C:\Users\Abdal\AppData\Local\Comms
2018-03-19 20:11 - 2017-12-10 07:29 - 000000000 ____D C:\Users\Abdal\AppData\Local\PlaceholderTileLogoFolder
2018-03-19 20:11 - 2017-12-07 02:15 - 000000000 ____D C:\Users\Abdal\AppData\Local\Packages
2018-03-18 21:29 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-03-18 15:34 - 2017-12-07 02:15 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-18 15:34 - 2017-12-07 02:15 - 000000000 ___RD C:\Users\Abdal\3D Objects
2018-03-18 15:29 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\TextInput
2018-03-18 15:29 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-03-17 06:07 - 2017-12-12 01:43 - 000000000 ____D C:\Users\Abdal\AppData\Local\IE Tab
2018-03-16 22:47 - 2017-12-07 06:55 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 22:39 - 2017-12-07 06:55 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 22:39 - 2017-12-07 06:55 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-16 22:35 - 2017-09-29 15:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-03-16 22:35 - 2017-09-29 15:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-03-16 22:34 - 2017-09-29 15:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb80236.sys
2018-03-15 10:56 - 2018-01-22 05:32 - 000000601 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-14 17:04 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-14 17:04 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2018-04-11 01:05 - 2018-03-13 17:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll
2018-02-23 00:16 - 2017-12-25 00:16 - 000000032 ____R () C:\ProgramData\hash.dat
2018-04-12 18:28 - 2018-04-13 01:26 - 000007620 _____ () C:\Users\Abdal\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-11 20:57

==================== End of FRST.txt ============================



#4 Iwillsolo

  • Topic Starter

Posted 13 April 2018 - 12:10 PM

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Abdal (13-04-2018 17:47:08)
Running from C:\Users\Abdal\Downloads\Programs
Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-07 09:56:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Abdal (S-1-5-21-2939746906-1252596266-2071687770-1001 - Administrator - Enabled) => C:\Users\Abdal
Administrator (S-1-5-21-2939746906-1252596266-2071687770-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2939746906-1252596266-2071687770-503 - Limited - Disabled)
Guest (S-1-5-21-2939746906-1252596266-2071687770-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2939746906-1252596266-2071687770-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
3DP Chip Lite v17.11.1 (HKLM-x32\...\3DP Chip Lite) (Version: v17.11.1 - 3DP)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Account Verifier (HKLM-x32\...\Account Verifier_is1) (Version:  - )
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
Age of Empires III (HKLM-x32\...\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
AhMyth 1.0.0 (only current user) (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\a407c027-bbfb-5f19-8cca-75a9f5fa7adf) (Version: 1.0.0 - AhMyth)
AirDroid 3.6.2.0 (HKLM-x32\...\AirDroid) (Version: 3.6.2.0 - Sand Studio)
Allavsoft 3.15.4.6594 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.3.4 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Driver Updater 1.11.0.0 (HKLM-x32\...\Auslogics Driver Updater_is1) (Version: 1.11.0.0 - Auslogics Labs Pty Ltd)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.0.1226 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Behaviors SDK (XAML) for Visual Studio (HKLM-x32\...\{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Bigasoft Video Downloader Pro 3.15.3.6535 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version:  - Bigasoft Corporation)
BitTorrent (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Duty 2 version 1.3.0.0 (HKLM-x32\...\Call of Duty 2_is1) (Version: 1.3.0.0 - Mr DJ)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CpuCoreParking (HKLM-x32\...\{62733D95-4AB1-46F7-95AD-68F23E846012}) (Version: 2.0.0.0 - CpuCoreParking)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
DriverIdentifier 5.1 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Edraw Max (HKLM-x32\...\{AD620B22-EF7C-4BDC-9530-F286ECEFA578}) (Version: 8.7.0 - EdrawSoft) Hidden
Edraw Max (HKLM-x32\...\Edraw Max 8.7.0) (Version: 8.7.0 - EdrawSoft)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{3ECF91A4-EE22-4A3A-921F-36ECAA04C13D}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA 08 (HKLM-x32\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
Friday the 13th: The Game (HKLM-x32\...\Friday the 13th: The Game_is1) (Version:  - )
FxSound Enhancer (HKLM-x32\...\DFX) (Version: 13.020 - FxSound)
GameRanger (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\GameRanger) (Version:  - GameRanger Technologies)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1804.0420 - Garena)
GD Hardware Scan (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Generic USB Gamepad Vibration Driver (HKLM-x32\...\{50CD8B4D-CD82-49D1-9E0A-2B7887448068}) (Version: 1.0.0 - Generic USB Gamepad Vibration Driver)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Hello Neighbor (HKLM-x32\...\Hello Neighbor_is1) (Version:  - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HTTP Proxy Injector version 0.0.0.8 (HKLM-x32\...\{63596390-B010-4FEC-B5ED-689972736E50}_is1) (Version: 0.0.0.8 - A-Developer1412)
Human Fall Flat Holiday (HKLM-x32\...\Human Fall Flat Holiday_is1) (Version:  - )
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 152 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)
JavaScript Tooling (HKLM\...\{2044FC4C-4EA3-4113-BC1E-962DF568D201}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Edu 4.0.2 (HKLM-x32\...\PyCharm Edu 4.0.2) (Version: 172.4539 - JetBrains s.r.o.)
join.me (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\JoinMe) (Version: 3.3.1.5358 - LogMeIn, Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO Worlds (HKLM-x32\...\LEGO Worlds_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MASS Facebook Account Creator (HKLM-x32\...\MASS Facebook Account Creator2.1.73) (Version: 2.1.73 - Easytech Software Solutions)
MB-Ruler (HKLM-x32\...\{7363206E-C7BD-45CD-89A0-792B28409811}_is1) (Version: 5.3 - Markus Bader)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Policies  (HKLM-x32\...\{256EDCB9-A64D-433C-A1DC-C76F02475915}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{BC247FE3-C61A-4678-86C6-15408F272D57}) (Version: 14.0.17213.0 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{F45421F6-76C3-47EE-8823-7D064A77E1F0}) (Version: 14.0.3881.1 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.4 (HKLM-x32\...\{ac84c935-8f13-4f73-b541-7b09a11bdea8}) (Version: 14.0.17213.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{9D78F5D4-79D2-4FC6-AC56-F364A0ABC54F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{9e6e5a9b-6f0e-40ff-84fb-19cab458402e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mikogo (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Mikogo) (Version: 5.6.0 - BeamYourScreen GmbH)
Mortal Kombat Komplete Edition (HKLM-x32\...\Mortal Kombat Komplete Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Netsparker - Web Application Security Scanner (4.9.5.17582) (HKLM-x32\...\Netsparker) (Version: 4.9.5.17582 - Netsparker Limited)
Nioh: Complete Edition (HKLM-x32\...\Nioh: Complete Edition_is1) (Version:  - )
Nitro Pro (HKLM\...\{ADC36FA0-52D2-46CB-8D3E-84D7F162652B}) (Version: 11.0.7.425 - Nitro)
Node.js (HKLM\...\{91F74847-89FC-44F0-802A-747D265FDA53}) (Version: 8.9.3 - Node.js Foundation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.7.0 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.01 - Lenovo) Hidden
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.01 - Lenovo)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OWASP Site Generator v0.80 (HKLM-x32\...\{1455F71F-86DA-4211-8266-D0981C87916C}) (Version: 0.80.0 - OWASP)
ParkControl (HKLM-x32\...\ParkControl) (Version: 1.2.7.6 - Bitsum)
Patch - Edraw Max 8.7.0.588 (HKLM-x32\...\Patch - Edraw Max 8.7.0.588) (Version: 8.7.0.588 - Crackingpatching.com Team)
PDF Converter (HKLM-x32\...\{5BAEACFD-9AC7-4DF9-8E9E-87EE1C6538B4}) (Version: 1.0.0 - Code7248)
PDF Printer for Windows 10 (HKLM\...\PDF Printer for Windows 10_is1) (Version:  - Vivid Document Imaging Technologies)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 2.0.35.34126 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{ED6ED3F9-31AC-4360-9F30-7909FC5B66CF}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{88332A12-914F-43C2-A1F2-F5E225642EBD}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{1494D0BD-6284-43C2-87A1-5B2F7A5CA5C1}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{37E3FFCA-6A24-4762-826F-4F43F0A97C2E}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{6F3B51B6-B27B-4D14-96C5-4B1C1D1149B7}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{2F895ED2-6998-4C39-8668-7117804D127A}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{9BC922F2-4D2F-4FD6-B7C8-9E1C63B3ED39}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{D20659F5-61A5-4385-A267-77CF442C1CB0}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EC492F74-CD9C-419A-8FFA-C49319F59955}) (Version: 2.0.36.34130 - Red Software) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Pro Evolution Soccer 2017 (HKLM-x32\...\Pro Evolution Soccer 2017_is1) (Version:  - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Puffin Browser version 7.1.0.811 (HKLM-x32\...\Puffin Browser_is1) (Version: 7.1.0.811 - CloudMosa, Inc.)
Python 2.7.14 (HKLM-x32\...\{0398A685-FD8D-46B3-9816-C47319B0CF5E}) (Version: 2.7.14150 - Python Software Foundation)
Python 3.6.3 (32-bit) (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\{1bb10b8c-6e63-4897-9fb2-3873ce30d7e1}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Add to Path (32-bit) (HKLM-x32\...\{04AE65E4-FC7A-43A7-AC1E-E3E019EF07F5}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit debug) (HKLM-x32\...\{0DB6371A-ED50-4FD1-8495-5CEA9E17229A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit symbols) (HKLM-x32\...\{2A3DA847-A82A-4721-ADF4-7C2E8E67CAB0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit) (HKLM-x32\...\{52D39C34-E5F5-41AE-88CD-5DE66C9150B4}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit debug) (HKLM-x32\...\{A8AF8459-79E7-4FD1-A8B7-ECBB8AC12539}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit) (HKLM-x32\...\{F7D9BDE7-2C35-4F7E-AEBE-9F3028451087}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (32-bit) (HKLM-x32\...\{20EB04A7-B5EF-485E-9440-F36214C5501D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit debug) (HKLM-x32\...\{4CB411DF-857C-4692-8C2F-5D8FF2C3810C}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit symbols) (HKLM-x32\...\{4F807546-1DFD-4CC1-9B71-5F651A1E0945}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit) (HKLM-x32\...\{CA16E2AA-4499-4FE5-A88C-174612920734}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (32-bit) (HKLM-x32\...\{DA64A828-F7A9-4A19-97BD-3A9A63CEB972}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit debug) (HKLM-x32\...\{3BA3A409-15A7-416B-85EF-A3EDBE4F2F29}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit symbols) (HKLM-x32\...\{E3EA5E7C-9CC4-4641-8988-D9B7B5A95E98}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit) (HKLM-x32\...\{14843392-E9B3-4031-BCF6-FC00D5791AA8}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit debug) (HKLM-x32\...\{E35569AC-7C2B-446D-B356-098136E7DFFD}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit symbols) (HKLM-x32\...\{933E1EE6-4186-475E-B4BE-B8DD733E9F29}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AE89BB1E-1C06-4556-AA05-A6628DE07BA9}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit debug) (HKLM-x32\...\{3A8E1A30-6897-4E20-95A4-65D8BFF60415}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit symbols) (HKLM-x32\...\{A2FBB4D9-5DC2-4409-BA6F-9D5A9D0D5669}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit) (HKLM-x32\...\{63208505-67AD-4AAC-BD7B-00DE5B83BAF0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (32-bit) (HKLM-x32\...\{6CF91DC2-CED3-410B-88BB-E048C994AA1A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R.A.W. - Realms of Ancient War (HKLM-x32\...\R.A.W. - Realms of Ancient War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roblox Player for Abdal (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Rules of Survival version 1.140497.141609 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.140497.141609 - Hong Kong Netease Interactive Entertainment Limited)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
Scratch 2 Offline Editor (HKLM-x32\...\{7CD894B0-306F-6177-ECDD-B81E06BA4C83}) (Version: 255 - Massachusetts Institute of Technology) Hidden
Screenleap (HKLM-x32\...\{F5358512-741D-44AB-B397-121E5B2DBC90}) (Version: 13.3 - Screenleap, Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.24.9651 - SoftEther VPN Project)
SQL Server 2017 Analysis Services (HKLM\...\{318D7429-28C1-4F0A-B9DE-A25F0D1FA5CA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Analysis Services (HKLM\...\{5B485C7F-A833-40C1-9080-1A2F30CEB4E2}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{6CE9A8AA-C478-4706-BD28-95993D52B5A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{D17B5D3D-3BC7-4AFA-AD90-600B5453826E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Data quality service (HKLM\...\{85583F70-5D51-4A6A-A896-F51E190E35FB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Data quality service (HKLM\...\{93B2CA2D-9E55-447C-8AC8-E7CB81F8CC0E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Full text search (HKLM\...\{C37AD300-12CF-4911-9019-A05D66055EB4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{6BD8D100-B16C-409E-B0EA-BF508D7874EC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{91C5EE43-29D1-4720-AB65-5E2E0FE25990}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{6492E746-1C5D-48C2-A92A-97D431F74664}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{70C24F35-7E36-45FC-B289-3D2849E5556B}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Data Quality Common (HKLM\...\{CC2BCB9E-24C0-4681-B2E7-80B0DBC6211E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{1B8CFC46-1F08-4DA7-9FEA-E1F523FBD67F}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{F8ADD24D-F2F2-465C-A675-F12FDB70DB82}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{CC6997A7-1638-4E38-B6CF-E776997036B0}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{4DDEB555-26D2-4E68-98AF-8F96232C13F2}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{CFCC9F40-E234-499E-B3DA-BEF6CC724C35}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Taskbar Hide (HKLM-x32\...\Taskbar Hide) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5640 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Cursed Crusade (HKLM-x32\...\The Cursed Crusade_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tora (64 bit) (HKLM\...\{2C4A5817-F077-4D45-A155-82DDFCBBBD80}) (Version: 3.2.82.0 - TOra)
Trine 3: The Artifacts of Power (HKLM-x32\...\Trine 3: The Artifacts of Power_is1) (Version:  - )
Trinus AIOVR version 0.5.1 (HKLM-x32\...\{C5AC423D-84AC-45D8-B304-5A369C17D392}}_is1) (Version: 0.5.1 - Odd Sheep SL)
TrinusVR version 2.1.5 (HKLM-x32\...\{A66AD08F-FC5B-4583-9A7D-4636F5637B2C}_is1) (Version: 2.1.5 - Odd Sheep SL)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unreal Development Kit: 2012-07 (HKLM\...\UDK-e108ef83-9abb-45d0-9ea2-78326e772eac) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - )
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Viscera Cleanup Detail (HKLM-x32\...\Viscera Cleanup Detail_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - AMD (amdkmpfd) System  (10/19/2017 17.50.0.0000) (HKLM\...\03B6CE97C907E6AC5322B429A93FD7F521E139FE) (Version: 10/19/2017 17.50.0.0000 - AMD)
Windows Driver Package - Cypress Semiconductor, Inc (cykbfltrService) Keyboard  (06/24/2015 2.5.1.72) (HKLM\...\1ECD12B803C107D8EDB315C6205B99B9E2265F43) (Version: 06/24/2015 2.5.1.72 - Cypress Semiconductor, Inc)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (12/14/2017 24.12.0.4) (HKLM\...\BCC38687BCFA2BC66E715AF3F36ABE30D5E0F413) (Version: 12/14/2017 24.12.0.4 - ELAN SMBus)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel (ICCWDT) System  (09/19/2017 11.7.0.1000) (HKLM\...\EEBA6EE175220DFB953515EBCFE35388B3811FA5) (Version: 09/19/2017 11.7.0.1000 - Intel)
Windows Driver Package - Intel (MEIx64) System  (01/16/2018 1803.12.0.1093) (HKLM\...\92903FEBE6DB7EE9B14CE034036E874FC1057826) (Version: 01/16/2018 1803.12.0.1093 - Intel)
Windows Driver Package - Intel Corporation (btmaux) BluetoothAuxiliary  (10/26/2017 20.20.0.2) (HKLM\...\EC18A039BBF142EB6AA1520888C9CA5546AAA6A4) (Version: 10/26/2017 20.20.0.2 - Intel Corporation)
Windows Driver Package - Intel hdc  (07/31/2013 9.5.0.1005) (HKLM\...\CFD986494125AFC7A58F5213B3FBFC32A051F5A8) (Version: 07/31/2013 9.5.0.1005 - Intel)
Windows Driver Package - INTEL System  (11/11/2017 10.1.1.44) (HKLM\...\78D370C32F6AEE963334E22E0E03A513FA752E53) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - INTEL System  (11/11/2017 10.1.1.44) (HKLM\...\ADCB706DCCD57F65A9DE792095F987C072853C9B) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - INTEL USB  (11/11/2017 10.1.1.44) (HKLM\...\6272235361BC75B12CD9F3E84F7335BC4D0C77CA) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (01/26/2018 15.11.28.184) (HKLM\...\28290D444D77F367B00F958125C128F40BB6C0D8) (Version: 01/26/2018 15.11.28.184 - Lenovo)
Windows Driver Package - LXD Company (HidUsb) HIDClass  (01/26/2013 21.8.1.319) (HKLM\...\CAAE11D4E4DF0C6208A674299DF9A85B6A5B30A7) (Version: 01/26/2013 21.8.1.319 - LXD Company)
Windows Driver Package - Qualcomm Atheros Communications (AthBTPort) BluetoothVirtual  (06/22/2016 4.0.0.688) (HKLM\...\01069D6802A68D1F83307E6BCAE2264CE16C91D4) (Version: 06/22/2016 4.0.0.688 - Qualcomm Atheros Communications)
Windows Driver Package - Realtek (rt640x64) Net  (01/19/2018 10.025.0119.2018) (HKLM\...\05E54C8BB51CAF1C3D957DBB29D9AEE097CD139E) (Version: 01/19/2018 10.025.0119.2018 - Realtek)
Windows Driver Package - Realtek Camera  (03/14/2018 10.0.16299.20029) (HKLM\...\64B5871FE2B085CBFAF78C83F865F19AD2617E13) (Version: 03/14/2018 10.0.16299.20029 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RTSUER) USB  (02/27/2018 10.0.16299.31241) (HKLM\...\2ED8ED7B356FF47FC213BB75680723BA40A8DDCA) (Version: 02/27/2018 10.0.16299.31241 - Realtek Semiconductor Corp.)
Windows Driver Package - Surface Battery  (05/23/2017 1.2.28.0) (HKLM\...\CAAD91B24DF4F14E41EF0AE59A69DE74F30A641F) (Version: 05/23/2017 1.2.28.0 - Surface)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wirecast (HKLM\...\{AE5F5637-A698-4ED2-87A3-F520A563DDBF}) (Version: 7.6.0 - Telestream LLC)
Wireshark 2.4.4 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.4 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Filmora(Build 8.0.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Workflow Manager Client 1.0 (HKLM\...\{199C6892-5DED-409B-88B2-3BE6421552B2}) (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{E1F79421-EC32-437F-8525-ABE902C85AC5}) (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Worms Reloaded - Game of the Year Edition (HKLM-x32\...\Worms Reloaded - Game of the Year Edition_is1) (Version:  - )
XSplit Broadcaster (HKLM-x32\...\{EAF6A5D2-2F0E-48B3-AAAC-D609C9CE6A86}) (Version: 3.2.1711.2907 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-12-05] ()
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2018-01-24] (Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {082FA49E-CA26-425D-B200-8E909739EAD8} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-03-22] (Advanced Micro Devices, Inc.)
Task: {144194D1-2205-4389-ACC9-BBEBB34E94BD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {17FDB31D-6307-4D0A-99A4-FCC297F167E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {1EA9ABBD-4404-4BB6-AF08-AA6B56476F32} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [2018-01-18] (Bitsum LLC)
Task: {250A9F0C-0078-4319-B45D-30ED526FDA8D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe
Task: {2670B637-64F1-468E-A338-9DE2956E0F49} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-04-04] (Garena Online )
Task: {3A727130-4DD4-4346-9FB8-184304C72BE6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-01] (Microsoft Corporation)
Task: {47822082-1648-452B-A8A3-D0A1BFD71996} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {5AA068AA-73A8-491B-9AD7-046A455B1159} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5E0295B5-7C2E-4CAB-BEB7-0BD99A22D60D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {5F98BEE1-F8A7-48DC-8F6A-A201B6E998C6} - \Auslogics\Driver Updater\Start Driver Updater оn Abdal logon -> No File <==== ATTENTION
Task: {66496D6E-0E9D-4435-9207-C5F5EA9749B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-01] (Microsoft Corporation)
Task: {68015B03-342B-442E-A4AE-FE600F4AE0BB} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {736579A0-5FBB-41B3-B6EC-D2625CD6CE5B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9B452081-5456-4694-BCA7-5925CEB387E6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2c9d19cf-fad8-480e-9486-a708fb163030 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {9E975910-4796-4D18-9606-8E403AA17367} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {AE6377D5-9251-43E0-BD46-6271713A8F2B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\600d49f4-7a6e-4af3-bd96-9e0865327bd5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {B3FD45F6-473B-4BE8-B89D-869CE140830B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\65088029-c685-40b1-abb2-72d435dae47c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {B98147C5-BB7A-46F6-BCCA-B3675ED97B9F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe
Task: {D5528807-7CDF-49A0-A8AC-BE7F6EB572F5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bd7c6ea8-1cd4-4d20-9ed8-bea86f3b1dc4 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {D9C2F8F9-BDE2-4F02-A6E8-06E2844220B6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited)
Task: {D9E01480-2E1D-4B99-B9C1-C61A55043CA1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {F55809CC-9BD8-4F45-BED7-3329F0E336FB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-11-01] (@ByELDI)
Task: {FF1F52DD-ECCC-4D35-AE14-1B7E52F360A6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-03-22] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-09-29 15:41 - 2017-09-29 15:41 - 000419840 _____ () c:\windows\system32\SSDM.dll
2017-12-10 07:34 - 2012-08-31 15:03 - 000288768 _____ () C:\Windows\System32\HP1100LM.DLL
2017-12-10 07:34 - 2012-08-31 15:02 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2018-01-20 22:57 - 2015-01-30 11:03 - 000037672 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2018-01-20 22:57 - 2015-01-30 11:03 - 000166696 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2018-03-01 14:51 - 2018-03-01 14:51 - 008901800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2018-03-16 22:33 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-16 22:33 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-24 03:15 - 2018-03-24 03:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 03:15 - 2018-03-24 03:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-24 03:15 - 2018-03-24 03:20 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-24 03:15 - 2018-03-24 03:19 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-24 03:15 - 2018-03-24 03:16 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-10 01:46 - 2018-01-10 01:46 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2018-01-10 01:46 - 2018-01-10 01:46 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2018-01-20 22:57 - 2015-01-30 11:03 - 000043304 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2017-12-15 21:17 - 2017-12-15 21:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 21:17 - 2017-12-15 21:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-01-20 22:57 - 2015-01-30 11:04 - 000036136 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2018-01-20 22:57 - 2015-01-27 15:34 - 000159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2017-10-13 08:46 - 2017-10-13 08:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libprotobuf-lite.dll
2018-04-04 14:45 - 2018-04-04 14:45 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libs\gxx_pipe_engine.dll
2018-04-04 14:45 - 2018-04-04 14:45 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libs\FSFileSytem.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Program Files (x86)\Netsparker:{32006F00-6E00-5600-5800-5A0050006200} [620]
AlternateDataStreams: C:\Program Files (x86)\Netsparker:{38003100-6600-3700-6C00-300078003900} [192]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\AirDroid:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Allavsoft:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Assassin's Creed Revelations:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Bandicam:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Banished:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\BlackSquad:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\BloodKnights:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FIFA 08:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FreeReign:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\KoeiTecmo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\KONAMI:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Leapdroid:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Mikogo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\My ISO Files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\MyEtherWallet:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Netsparker:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\SQL Server Management Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Tunngle:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Visual Studio 2015:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\WindowsPowerShell:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Wondershare Filmora:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2018-04-11 02:36 - 000005500 ____N C:\Windows\system32\Drivers\etc\hosts

There are 125 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abdal\OneDrive\Desktop\backs\37.jpg
HKU\S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: CG6Service => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: FastbootService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: KMS-R@1n => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MEmusvc => 2
MSCONFIG\Services: Mikogo-Service => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PDFescape Desktop => 3
MSCONFIG\Services: PDFescape Desktop Creator => 2
MSCONFIG\Services: PinnacleUpdateSvc => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: Win10PDFPrinting => 2
MSCONFIG\Services: WindscribeService => 2
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "USB Gamepad"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Win10PDF"
HKLM\...\StartupApproved\Run32: => "FxSound Enhancer"
HKLM\...\StartupApproved\Run32: => "chrome"
HKLM\...\StartupApproved\Run32: => "XPE"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\StartupFolder: => "GameRanger.lnk"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Google Updater"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A87E0604F90DEBC18D61BDF62CF57B38"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Mikogo"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Screenleap"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "ExpressVPN4"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "MicrosoftRuntime"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Voobly"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F291CB81-CB34-4395-A3FB-9DD9B798D774}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{C4681245-E550-4E49-80EB-34E08F2DBCC5}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{554EA3A6-A99D-495E-822F-C8F158EBBCDA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{3C1CF549-EB71-4557-B8A5-EABDC57B9F89}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{85757D0D-395C-4C0B-BE39-3CBCEAFFF560}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{E439C3C1-7985-4348-B4F1-E53596C4B531}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{D593BFB0-0AF2-4FFE-8FE3-8D4025291C11}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{ECC96B50-F58A-46E3-830A-CE7A5250935C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{25B4483C-05B7-451B-9220-519E8C07FE60}] => (Allow) C:\Users\Abdal\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CEEC8DF8-D015-4C4B-B643-B00F6B176363}] => (Allow) C:\Users\Abdal\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{72D48966-ECC5-47D6-B52A-02E9DF03F3B9}E:\offline games\7.days.to.die.alpha.15.steam.edition.x64\7daystodie.exe] => (Allow) E:\offline games\7.days.to.die.alpha.15.steam.edition.x64\7daystodie.exe
FirewallRules: [UDP Query User{A5CDD5DA-34E7-4698-9DA2-BAD4BFF5DA3A}E:\offline games\7.days.to.die.alpha.15.steam.edition.x64\7daystodie.exe] => (Allow) E:\offline games\7.days.to.die.alpha.15.steam.edition.x64\7daystodie.exe
FirewallRules: [TCP Query User{3959D3F1-4E41-485E-ACE4-50B1D5DFA394}C:\program files\telestream\wirecast\wirecast.exe] => (Allow) C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [UDP Query User{73AEFF15-3ACC-422A-B5AD-6494ABD53869}C:\program files\telestream\wirecast\wirecast.exe] => (Allow) C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [{48C1B8B5-58BC-49C3-83B7-E6E12332F806}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BE9C8F4F-42A4-44BB-AC8E-88A70412267D}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.Core.exe
FirewallRules: [{4E52B4D9-C2CC-43F7-8798-B897A1A4EE1E}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.cam.exe
FirewallRules: [{A3D83EF8-3E6E-471A-BAC6-21E6F4784440}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.Core.exe
FirewallRules: [{946BAFF0-4215-4BF6-B9FE-180C6288C599}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.cam.exe
FirewallRules: [{3747E3D2-50E9-4E2C-BA4F-B5D50E3CF9EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{952C7957-048A-4ED9-BB3C-618FE9F1E315}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BCC7BB33-5C56-4530-9524-AF106790C485}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{277C92BD-B32F-48B2-803E-1C3CC1984A90}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB43AD77-1043-4725-A9FC-4D9CAD345095}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{34FC47C5-718A-4E0F-9E0F-C5BC83E069D8}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [TCP Query User{AF80F1F7-C28B-42F0-8AC4-DA19B3257A93}C:\python27\pythonw.exe] => (Allow) C:\python27\pythonw.exe
FirewallRules: [UDP Query User{223FBB00-39E4-4FE3-9A51-2EFB98CE43A4}C:\python27\pythonw.exe] => (Allow) C:\python27\pythonw.exe
FirewallRules: [TCP Query User{DDF75EA6-231E-4A24-B622-17F486F76EEB}C:\users\abdal\appdata\local\programs\ahmyth\ahmyth.exe] => (Allow) C:\users\abdal\appdata\local\programs\ahmyth\ahmyth.exe
FirewallRules: [UDP Query User{1FB825D7-7432-451F-A514-E5B0A723D67F}C:\users\abdal\appdata\local\programs\ahmyth\ahmyth.exe] => (Allow) C:\users\abdal\appdata\local\programs\ahmyth\ahmyth.exe
FirewallRules: [TCP Query User{C5D5E65B-7181-40A1-8E7F-0ABA33051F1F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{340CFD13-DC13-4DA0-AA57-9836EE93587E}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [TCP Query User{39D3F554-A8E1-4868-8AC1-031B12583407}C:\program files\java\jre1.8.0_152\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_152\bin\javaw.exe
FirewallRules: [UDP Query User{C56FAF4B-DE62-497D-AA41-EC2C5A4910CF}C:\program files\java\jre1.8.0_152\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_152\bin\javaw.exe
FirewallRules: [{E37216A8-631E-46DC-B0AB-AED7DD073D91}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{BA7FE374-000A-49E8-AD8A-0DFFEEB0F72A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{D2561ED4-7147-45F9-B45E-8845FB2C46FC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{DE3306F1-2792-4BC3-96F6-6859BF49DD17}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{502A2AE7-275A-4F7E-B127-167FA202F8E4}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{64D776DE-0AFB-44EB-8B4D-026538D97881}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{1DBBD090-EDFF-4E7C-89E2-F6511316634C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{723D5335-FEB2-493D-9CE8-6ADA2D50245E}] => (Allow) LPort=12292
FirewallRules: [{F4C871B7-DC44-4CEF-9C51-24D7B291C79C}] => (Allow) D:\Games\Mr DJ\Call of Duty 2\CoD2SP_s.exe
FirewallRules: [{76E487E5-97D3-4979-81AE-5494F9BE5682}] => (Allow) D:\Games\Mr DJ\Call of Duty 2\CoD2SP_s.exe
FirewallRules: [TCP Query User{E8F61A1A-3D04-4411-9786-D3C0C35F17A9}D:\games\mr dj\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\mr dj\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{C1F7BDDC-DD5B-4DE8-91A7-6780C508FD19}D:\games\mr dj\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\mr dj\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{B668B45A-E39D-4415-AF39-2FED0B4AD7A4}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [UDP Query User{BC0C17DC-D6F6-48B6-8DFF-C7724C509E50}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [TCP Query User{3BD1A34B-AEEA-44EA-98EB-28E0BFE04F59}C:\program files (x86)\trinus aiovr\trinusaiovr.exe] => (Allow) C:\program files (x86)\trinus aiovr\trinusaiovr.exe
FirewallRules: [UDP Query User{F03DF382-AA09-4531-9CA9-D69C0B5F9E59}C:\program files (x86)\trinus aiovr\trinusaiovr.exe] => (Allow) C:\program files (x86)\trinus aiovr\trinusaiovr.exe
FirewallRules: [{9867CDE5-DC0C-4B6B-8F3F-C248EF74EC3F}] => (Allow) D:\Online\Steam\Steam.exe
FirewallRules: [{FD702C03-F13E-4A7A-8CDD-D0B18F781A13}] => (Allow) D:\Online\Steam\Steam.exe
FirewallRules: [{4194865A-8EBC-42C4-A830-5DD47D00C172}] => (Allow) D:\Online\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F3DDAD3A-B2B2-47C8-BCA9-F76130B35D38}] => (Allow) D:\Online\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{36E1805E-C650-4821-B389-668E30331FA8}E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{3F7F4CE2-B2FB-44CC-9223-BE468E08F756}E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{ED16F0DA-9815-4DB7-ABDE-383463B40F82}] => (Block) E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{674002A4-FE46-411F-B582-432D4851C243}] => (Block) E:\offline games\multi\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{123F6793-3D6B-466F-AE2A-8A1BB1F07DED}E:\offline games\multi\the cursed crusade\tcc.exe] => (Allow) E:\offline games\multi\the cursed crusade\tcc.exe
FirewallRules: [UDP Query User{69E589F8-211C-4C32-B6D5-C3AC3C914CDE}E:\offline games\multi\the cursed crusade\tcc.exe] => (Allow) E:\offline games\multi\the cursed crusade\tcc.exe
FirewallRules: [{F6639453-2005-4638-B905-BB6FBCCF043E}] => (Block) E:\offline games\multi\the cursed crusade\tcc.exe
FirewallRules: [{32AFDB0F-D1C8-424B-B586-665E9658F326}] => (Block) E:\offline games\multi\the cursed crusade\tcc.exe
FirewallRules: [TCP Query User{7D0044B0-D335-495C-82D3-42F35BC1DA57}E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe] => (Allow) E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe
FirewallRules: [UDP Query User{031BA9C2-1CE8-4AD8-ABD3-429BA5E3977D}E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe] => (Allow) E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe
FirewallRules: [{60DC555D-78D6-4A8F-A96A-060CA551991A}] => (Block) E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe
FirewallRules: [{7FD36813-1C8C-4CAF-B860-0170A32AACB1}] => (Block) E:\offline games\multi\castlecrashers.v2.7.inclu.dlc\castle.exe
FirewallRules: [TCP Query User{28F72A2D-AB3F-470A-81B4-E7AE7253F246}E:\offline games\far cry primal\bin\fcprimal.exe] => (Allow) E:\offline games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{B7833EE9-690F-47C0-8AB8-91732BDEF522}E:\offline games\far cry primal\bin\fcprimal.exe] => (Allow) E:\offline games\far cry primal\bin\fcprimal.exe
FirewallRules: [{7A2B7B8E-33AC-4AC9-A3D1-7F7F9B3AD771}] => (Block) E:\offline games\far cry primal\bin\fcprimal.exe
FirewallRules: [{A8442936-65B6-4EB4-97D2-664FBF499BA1}] => (Block) E:\offline games\far cry primal\bin\fcprimal.exe
FirewallRules: [{CE08AB19-F544-462A-A5C3-405AEB8A23F4}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{B4E312AA-E890-4E1B-9A5E-5B3DBBB55408}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{D9495973-8703-44E4-AA27-8AA2549343C6}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{46F541EA-31D8-4D1C-BD10-C7BC06CFAB08}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [TCP Query User{96FB48ED-FED8-418E-8360-C40B967F1ED4}E:\offline games\multi\mortal kombat komplete edition\mkke.exe] => (Allow) E:\offline games\multi\mortal kombat komplete edition\mkke.exe
FirewallRules: [UDP Query User{599FBDC3-2DF3-4C63-8641-897E0F32D758}E:\offline games\multi\mortal kombat komplete edition\mkke.exe] => (Allow) E:\offline games\multi\mortal kombat komplete edition\mkke.exe
FirewallRules: [{9ED50047-6768-4F12-BC8D-3057F41F8C1A}] => (Block) E:\offline games\multi\mortal kombat komplete edition\mkke.exe
FirewallRules: [{8FF17E4E-93B9-47C4-93BB-782B5B3D8898}] => (Block) E:\offline games\multi\mortal kombat komplete edition\mkke.exe
FirewallRules: [TCP Query User{1408D1C5-6A8E-4CF0-AD8E-81D969ECF13F}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe
FirewallRules: [UDP Query User{844AD387-882E-4E55-A21C-6A624E0269BD}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe
FirewallRules: [TCP Query User{2058021E-3D69-4651-A972-70FEC68EB279}E:\offline games\multi\gang beasts\gang beasts.exe] => (Allow) E:\offline games\multi\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{BCFA54AF-1163-4170-9238-852EA29A4824}E:\offline games\multi\gang beasts\gang beasts.exe] => (Allow) E:\offline games\multi\gang beasts\gang beasts.exe
FirewallRules: [{7B6D8BBA-18F6-4068-990B-895038788316}] => (Block) E:\offline games\multi\gang beasts\gang beasts.exe
FirewallRules: [{B12DA1F3-1B57-4672-84E0-55D2DB37B7D8}] => (Block) E:\offline games\multi\gang beasts\gang beasts.exe
FirewallRules: [{B82FAE76-8851-4CCB-B921-0B298A7AAE63}] => (Allow) LPort=8318
FirewallRules: [{1A8D1E3B-BB08-415D-9E9F-AC28D3FD670D}] => (Allow) D:\Online\Steam\steamapps\common\AdventureQuest3D\AQ3D.exe
FirewallRules: [{FDB8FD07-F9CE-4583-A0D0-C3BDA8A792CD}] => (Allow) D:\Online\Steam\steamapps\common\AdventureQuest3D\AQ3D.exe
FirewallRules: [{B018CCE0-2069-4FFE-9C6F-7364D7969159}] => (Allow) D:\Online\Steam\steamapps\common\Construct2\Construct2.exe
FirewallRules: [{1BB47A9A-9586-4711-B0B7-49A2D03D170C}] => (Allow) D:\Online\Steam\steamapps\common\Construct2\Construct2.exe
FirewallRules: [TCP Query User{DC148DBA-57FF-4248-BD10-506168B1CD36}E:\programs\android\anroidstudio\jre\bin\java.exe] => (Allow) E:\programs\android\anroidstudio\jre\bin\java.exe
FirewallRules: [UDP Query User{DA881723-FFC1-4FA3-BEFF-E199BD0BF6D7}E:\programs\android\anroidstudio\jre\bin\java.exe] => (Allow) E:\programs\android\anroidstudio\jre\bin\java.exe
FirewallRules: [TCP Query User{573C0794-CAF4-4F99-BD3C-A5D43F1EF857}E:\offline games\viscera cleanup detail\binaries\win32\udk.exe] => (Allow) E:\offline games\viscera cleanup detail\binaries\win32\udk.exe
FirewallRules: [UDP Query User{4705CC2E-2040-40CC-AD88-F4C6BB09EBB9}E:\offline games\viscera cleanup detail\binaries\win32\udk.exe] => (Allow) E:\offline games\viscera cleanup detail\binaries\win32\udk.exe
FirewallRules: [TCP Query User{DD2EB38A-743C-4420-B6B8-4FB9A15FEC58}E:\offline games\software.inc.v9.2.1\software inc.exe] => (Block) E:\offline games\software.inc.v9.2.1\software inc.exe
FirewallRules: [UDP Query User{4B04CF09-7488-4601-B2D9-E185F4FA63EE}E:\offline games\software.inc.v9.2.1\software inc.exe] => (Block) E:\offline games\software.inc.v9.2.1\software inc.exe
FirewallRules: [TCP Query User{9EAAB277-DB46-47D4-A1F4-11B7C49194C5}E:\offline games\acs\assassin's creed ii\assassinscreediigame.exe] => (Block) E:\offline games\acs\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [UDP Query User{72DFE766-1398-46EC-A641-06A222BD9415}E:\offline games\acs\assassin's creed ii\assassinscreediigame.exe] => (Block) E:\offline games\acs\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [{C525CAB3-8E51-4533-BB16-B69E489FC82A}] => (Allow) LPort=42474
FirewallRules: [{53F036C4-8B79-45AA-8C95-6FB996AE8F7D}] => (Allow) LPort=42474
FirewallRules: [{13B2F8AB-FFAA-47C7-8239-A50B4D1067AD}] => (Allow) LPort=42474
FirewallRules: [{B5AC961D-6B45-46C8-A142-920F9E610A50}] => (Allow) LPort=42474
FirewallRules: [TCP Query User{41768B09-DACE-4036-8535-47C2F34AD388}E:\programs\android\anroidstudio\jre\bin\java.exe] => (Allow) E:\programs\android\anroidstudio\jre\bin\java.exe
FirewallRules: [UDP Query User{D03BCC2E-3CB8-4FFF-A7F8-8732522A6BD9}E:\programs\android\anroidstudio\jre\bin\java.exe] => (Allow) E:\programs\android\anroidstudio\jre\bin\java.exe
FirewallRules: [TCP Query User{CC9DCEBC-9931-47E1-AA46-8647DD72C566}E:\offline games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) E:\offline games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{C5F80D88-630F-400F-8867-CC61A3A98619}E:\offline games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) E:\offline games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [TCP Query User{D6FC9442-6E0E-48D2-99EE-6082FB6C4F68}C:\program files (x86)\internet download manager\idman.exe] => (Allow) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [UDP Query User{9348B423-E3D6-4047-BD79-E522662A50B1}C:\program files (x86)\internet download manager\idman.exe] => (Allow) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [{4D96F1E4-8BBB-425C-85F6-CBC5BC89BE5E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{03189D04-7FE1-454A-8A51-F1F9999D6FA7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{BE365732-2CED-4E9A-B96C-5F18F55E1FC2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3FF05167-4939-4A46-ABA4-77D6E53D5527}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{7458F200-0DFE-47CB-A57A-129668DE077F}E:\offline games\worms reloaded\game\wormsreloaded.exe] => (Allow) E:\offline games\worms reloaded\game\wormsreloaded.exe
FirewallRules: [UDP Query User{BADB8678-8476-47E6-B4C6-2BCF269BFB1F}E:\offline games\worms reloaded\game\wormsreloaded.exe] => (Allow) E:\offline games\worms reloaded\game\wormsreloaded.exe
FirewallRules: [{CFECAFC6-CBB9-4C6D-A6ED-4A4F9E6F3D47}] => (Block) E:\offline games\worms reloaded\game\wormsreloaded.exe
FirewallRules: [{7A61A9DC-815A-4B26-9DEA-95009489BFD7}] => (Block) E:\offline games\worms reloaded\game\wormsreloaded.exe
FirewallRules: [TCP Query User{CC421852-1EC0-4E2C-BF30-8F0875002226}C:\users\abdal\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\abdal\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{E1263882-0B5E-4789-B67A-D7659CEE6406}C:\users\abdal\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\abdal\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{9153C0A5-5883-4204-9EF5-408D983D2AA4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0D4B9D06-24C5-49CA-B16D-2E8B98E53740}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{F4384163-4F98-4DA1-BD5A-3E0AE4AFEE4D}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{0EA985D6-FB8A-41C5-B883-28B8EFA2D438}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{DE1E1AD4-687A-48A1-BDA2-9FD3D42AB168}D:\online\aoe series\age of empires iii\age3.exe] => (Allow) D:\online\aoe series\age of empires iii\age3.exe
FirewallRules: [UDP Query User{2CDA94FC-6FB1-41D3-BF86-49F81994774C}D:\online\aoe series\age of empires iii\age3.exe] => (Allow) D:\online\aoe series\age of empires iii\age3.exe
FirewallRules: [{B2896ED7-C566-40CE-897C-A10A5762313F}] => (Allow) D:\Online\Steam\steamapps\common\Way of Hero\WayOfHero.exe
FirewallRules: [{9C705676-88DD-46E2-A32A-1EC67B5D24BB}] => (Allow) D:\Online\Steam\steamapps\common\Way of Hero\WayOfHero.exe
FirewallRules: [TCP Query User{F769764D-1621-4295-9B24-1C849CE96953}E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe] => (Allow) E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [UDP Query User{430B6209-C133-49AA-A99E-4AD1749988D7}E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe] => (Allow) E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [{132E6A56-C110-4722-B428-2AFBBC46A7A1}] => (Block) E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [{057323D6-0457-449A-B5D0-D73A0D7B2F22}] => (Block) E:\offline games\multi\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [{CF4E1EEA-55A8-4437-851C-7F5E4C8CDC26}] => (Allow) D:\Online\Steam\steamapps\common\Dawn\Dawn.exe
FirewallRules: [{FB55E169-2698-4365-B610-040911F20D05}] => (Allow) D:\Online\Steam\steamapps\common\Dawn\Dawn.exe
FirewallRules: [TCP Query User{BB98A80A-C5CA-47D0-9295-4B342ABC7E79}E:\offline games\acs\assassin's creed revelations\acrsp.exe] => (Allow) E:\offline games\acs\assassin's creed revelations\acrsp.exe
FirewallRules: [UDP Query User{CBD4677E-247A-46B2-92E7-441DC06DEBED}E:\offline games\acs\assassin's creed revelations\acrsp.exe] => (Allow) E:\offline games\acs\assassin's creed revelations\acrsp.exe
FirewallRules: [{19EAAE9F-24AD-4DB8-B90B-B6460C61443A}] => (Block) E:\offline games\acs\assassin's creed revelations\acrsp.exe
FirewallRules: [{E3A2286F-9431-4CF8-A858-D4B3CDC4F243}] => (Block) E:\offline games\acs\assassin's creed revelations\acrsp.exe
FirewallRules: [{5B26FC7F-70D2-4569-B28D-3AB07D9DFDF0}] => (Allow) D:\Online\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{4542032B-5DF6-481F-B840-D8E542C38410}] => (Allow) D:\Online\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{140CBF30-8544-4546-8509-253AD86E733C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{62225F6D-CBC5-435A-972B-0CCC1379EF1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7242582E-3CA2-4587-9733-808C451BDA37}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A24D3C1C-AA34-4196-8074-C687BC3C7612}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F37C0016-C61B-4232-B675-F7B20D7D51C8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BB13CD6C-A49C-4F82-B27E-81451B26BC31}] => (Allow) D:\Online\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [{DE5BD6F2-D808-4DA2-9B96-DCCC4B3CC940}] => (Allow) D:\Online\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [TCP Query User{5288E62B-7599-4D1A-8158-CCFEA233C3FD}D:\online\steam\steamapps\common\dawn\dawn\binaries\win64\dawn-win64-shipping.exe] => (Allow) D:\online\steam\steamapps\common\dawn\dawn\binaries\win64\dawn-win64-shipping.exe
FirewallRules: [UDP Query User{19218145-A56C-4F5B-9742-A3FAE961390E}D:\online\steam\steamapps\common\dawn\dawn\binaries\win64\dawn-win64-shipping.exe] => (Allow) D:\online\steam\steamapps\common\dawn\dawn\binaries\win64\dawn-win64-shipping.exe
FirewallRules: [TCP Query User{5DD5FDE1-5B0C-4D56-80BD-41BA0C8559BB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{27D142C4-3320-4DB8-B5A7-6FE562122F05}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{3CFCD2AC-414C-4387-AE25-460627FBCA95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{50ABA6CA-4037-4920-8D0F-B0F8004FBB3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8CA6AEB1-850C-4175-87BC-E4E5CD4D3661}D:\online\ros\ros.exe] => (Allow) D:\online\ros\ros.exe
FirewallRules: [UDP Query User{8A0079B6-92A5-419F-8597-D9C0B3A548C5}D:\online\ros\ros.exe] => (Allow) D:\online\ros\ros.exe
FirewallRules: [TCP Query User{44E68D57-4A12-42D6-85FE-8B1B6E1E4490}D:\online\ros\ccmini\ccmini.exe] => (Allow) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{FB05F9F6-A452-463D-844F-66FC15324E7C}D:\online\ros\ccmini\ccmini.exe] => (Allow) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [{728EC9D5-BD95-43F8-8B4F-3AC142765C7C}] => (Block) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [{72CA8024-8068-42D2-977E-0470C2A9881C}] => (Block) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [{42638CB1-95A2-41A2-BC67-F46A80731E69}] => (Allow) D:\Program Files\Nox\bin\Nox.exe
FirewallRules: [{1A142B19-91C7-4136-A47B-57BAA3977FD0}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [TCP Query User{5F122C91-6862-4227-B639-2DF3A740B39A}D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{346BE457-0568-4753-959F-429807F99EAD}D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{CAAE7BFB-36C5-4F0A-8CD5-7847065527E1}] => (Block) D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{A24FF4EF-1A94-41E3-949F-020E50180EA0}] => (Block) D:\online\epicgames\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{34C792D1-84D3-43CA-B518-18164F86ADE3}D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0EC4EBA8-871F-429E-BE8A-23F926F646A8}D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{F106B9F1-1716-4DF5-97AC-8E1FF24F4543}] => (Block) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A7B706BC-0DC4-4705-A5A0-9FB08D0763A9}] => (Block) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{26179EA2-522C-4B1F-A144-4943881BB7F5}D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{6D4B7614-5D55-486C-805E-552F0B8BBBFC}D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{BF8BBD93-C202-4351-A1EF-75437B14C178}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{945EFE64-9C5A-4067-B6A1-6654A46953D9}] => (Allow) C:\Users\Abdal\AppData\Roaming\aWDyDl.exe
FirewallRules: [{EAE8E10F-015F-4C31-9D1D-E31B785EA957}] => (Allow) C:\Windows\SysWOW64\UAahcuIVUAmy.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{E916293A-02EC-459B-918B-3BA4CD4260D9}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{CCA3D7EE-B4F0-47A3-B955-3716A491DD8E}] => (Allow) D:\Online\Steam\steamapps\common\Horizon Source\GameClient.exe
FirewallRules: [{F6F9F198-961D-4490-BC81-2E3714FE7D58}] => (Allow) D:\Online\Steam\steamapps\common\Horizon Source\GameClient.exe
FirewallRules: [{3A3E33D1-5486-448D-A1B5-025E0C2E8166}] => (Allow) D:\Online\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [{8E180190-7AB4-4AAB-B821-D2B2FC1C15D6}] => (Allow) D:\Online\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [{B3E4A8B2-47D8-47C9-A3F2-51747385384B}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe
FirewallRules: [{0D82189C-B6D7-4F80-905A-5E62E24C9089}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{73F87BE5-843B-4338-9BE4-70C129181317}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{824BC925-C29A-4C27-891B-075D58EE0F66}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{49359EBD-64C8-4FC8-BE47-4EAF7318C77B}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2018 05:12:24 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/13/2018 05:12:24 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).

Error: (04/13/2018 05:12:24 PM) (Source: MSSQLSERVER) (EventID: 9954) (User: )
Description: SQL Server failed to communicate with filter daemon launch service  (OS error: The specified service does not exist as an installed service.
). Full-Text filter daemon process failed to start. Full-text search functionality will not be available.

Error: (04/12/2018 08:17:05 AM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/12/2018 08:17:05 AM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).

Error: (04/12/2018 08:17:05 AM) (Source: MSSQLSERVER) (EventID: 9954) (User: )
Description: SQL Server failed to communicate with filter daemon launch service  (OS error: The specified service does not exist as an installed service.
). Full-Text filter daemon process failed to start. Full-text search functionality will not be available.

Error: (04/12/2018 08:09:20 AM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/12/2018 08:09:20 AM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).


System errors:
=============
Error: (04/13/2018 05:39:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/13/2018 05:14:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: 2018-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4093112).

Error: (04/13/2018 05:11:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lenovo OKO Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/13/2018 05:11:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo OKO Service service to connect.

Error: (04/13/2018 05:11:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/13/2018 05:11:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (04/13/2018 05:04:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSASTELEMETRY service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/13/2018 05:04:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSSQLSERVER service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2017-12-25 22:21:45.547
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
ID: 2147714384
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Abdal\Downloads\Compressed\phoenixcoin-win64-0.6.6.1.zip
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Signature Version: AV: 1.259.736.0, AS: 1.259.736.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-25 22:21:44.343
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vigorf.A&threatid=2147714384&enterprise=0
Name: Trojan:Win32/Vigorf.A
ID: 2147714384
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Abdal\Downloads\Compressed\phoenixcoin-win64-0.6.6.1.zip
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.259.736.0, AS: 1.259.736.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-25 22:21:43.819
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Abdal\Downloads\Compressed\phoenixcoin-win64-0.6.6.1.zip;file:_C:\Users\Abdal\Downloads\Compressed\phoenixcoin-win64-0.6.6.1.zip->Phoenixcoin/phoenixcoin-qt.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.259.736.0, AS: 1.259.736.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-24 14:14:38.103
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0230D67F-5CB8-4F16-8A2D-CB3FDBD58146}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-12-24 01:00:19.890
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {60EFB4E5-BCC4-49A8-8D5E-D702E193CF7E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-12-14 12:48:26.299
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.254.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2017-12-14 12:48:26.299
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.254.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2017-12-14 12:48:26.299
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.254.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2017-12-10 13:18:28.590
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.112.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2017-12-10 13:18:28.590
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-04-11 01:05:46.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:44:27.236
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:44:27.123
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:44:25.678
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:44:25.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:37:33.515
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:30:52.556
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 00:30:51.034
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 8110.94 MB
Available physical RAM: 3752.12 MB
Total Virtual: 14254.94 MB
Available Virtual: 9398.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.17 GB) (Free:6.9 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:46.94 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:58.83 GB) NTFS

\\?\Volume{23680329-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 23680329)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 JSntgRvr

  • Malware Response Team

Posted 13 April 2018 - 07:35 PM

Hi

Welcome :)

Sorry for the delay. I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
 

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

Reviewing your logs I don't see any major problems.

  • Highlight the entire content of the quote box below.
Start::  
FirewallRules: [{723D5335-FEB2-493D-9CE8-6ADA2D50245E}] => (Allow) LPort=12292
FirewallRules: [{B82FAE76-8851-4CCB-B921-0B298A7AAE63}] => (Allow) LPort=8318
FirewallRules: [{C525CAB3-8E51-4533-BB16-B69E489FC82A}] => (Allow) LPort=42474
FirewallRules: [{53F036C4-8B79-45AA-8C95-6FB996AE8F7D}] => (Allow) LPort=42474
FirewallRules: [{13B2F8AB-FFAA-47C7-8239-A50B4D1067AD}] => (Allow) LPort=42474
FirewallRules: [{B5AC961D-6B45-46C8-A142-920F9E610A50}] => (Allow) LPort=42474
Task: {5F98BEE1-F8A7-48DC-8F6A-A201B6E998C6} - \Auslogics\Driver Updater\Start Driver Updater ?n Abdal logon -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {5F98BEE1-F8A7-48DC-8F6A-A201B6E998C6} - \Auslogics\Driver Updater\Start Driver Updater ?n Abdal logon -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
CMD: fltmc instances
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

 

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

 

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

 

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Edited by JSntgRvr, 13 April 2018 - 07:44 PM.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 JSntgRvr

  • Malware Response Team

Posted 13 April 2018 - 07:40 PM

Sorry. I edited my post above. Some information was missing.




#7 Iwillsolo

  • Topic Starter

Posted 14 April 2018 - 10:25 AM

RogueKiller V12.12.12.0 (x64) [Apr  9 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Abdal [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/14/2018 13:48:54 (Duration : 01:18:15)

¤¤¤ Processes : 1 ¤¤¤
[VT.Detected] jswtrayutil.exe(11080) -- C:\Program Files (x86)\Jumpstart\jswtrayutil.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2939746906-1252596266-2071687770-1001\Software\eSupport.com -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2939746906-1252596266-2071687770-1001\Software\OCS -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2939746906-1252596266-2071687770-1001\Software\eSupport.com -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2939746906-1252596266-2071687770-1001\Software\OCS -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mikogo-Service (C:\Users\Abdal\AppData\Roaming\Mikogo\Mikogo-Service.exe) -> Deleted
[PUP.HackTool|VT.Detected] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d23c9c53-90f4-4e09-9806-47324dc0f446} | NameServer : 1.1.1.1,1.0.0.1 ([AU][AU])  -> Replaced ()
[HJ.Hosts] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\services\Tcpip\Parameters | DataBasePath : %SystemRoot%\System32\drivers\  -> Replaced (%systemroot%\system32\drivers\etc)

¤¤¤ Tasks : 1 ¤¤¤
[PUP.HackTool|VT.Detected] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deleted

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Abdal\AppData\Roaming\Tencent -> Deleted
[PUP.Gen1][File] C:\Users\Abdal\AppData\Roaming\Tencent\Logs\TQMCenter.tlg -> Deleted
[PUP.Gen1][Folder] C:\Users\Abdal\AppData\Roaming\Tencent\Logs -> Deleted
[PUP.Gen1][Folder] C:\Users\Abdal\AppData\Roaming\Tencent\TXSSO\SSOTemp -> Deleted
[PUP.Gen1][Folder] C:\Users\Abdal\AppData\Roaming\Tencent\TXSSO -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\AutoPico.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\installAll.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Groove -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\OneNote -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Outlook -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLRegWOW.reg -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Visio -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Word -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Lync -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\OneNote -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Outlook -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\pkeyconfig-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\proplus.reg -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\visio.reg -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Word -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-bridge-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root-bridge-test.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-stil.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Mondo -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\OneNote -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Outlook -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\pkeyconfig-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Word -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Education -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Professional -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\Business -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\pkeyconfig-embedded.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Embedded -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Professional -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\CoreN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Professional -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Professional -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\DM.bin -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\Cert.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\certELDI.pfx -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\OpenVPN.cer -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\tap-windows-9.21.0.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\UnInstallDriver.cmd -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\driver -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Error.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Information.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Question.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Warning.png -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\icons -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\KMSELDI.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\AutoPico.log -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\KMSELDI.log -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\Service_KMS.log -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\logs -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\AddExceptionsWD.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\AddExceptions_Defender.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\DisableSmartScreen.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\EnableSmartScreen.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\EnableSmartScreen.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Install_Service.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Install_Task.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Log.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\RemoveExceptionsWD.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Restore_Watermark.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Silent.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\scripts -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Service_KMS.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\affirmative.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\begin.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\complete.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\diagnostic.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\enterauthorizationcode.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\incomingtransmission.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputfailed.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputok.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\processing.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\transfer.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\verified.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\warning.mp3 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\sounds -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\cache\cache.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows\cache -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\data.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\UninsHs.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Vestris.ResourceLib.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WinDivert.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WinDivert.sys -> Deleted
[PUP.ModextTech][Folder] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon128.png -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon16.png -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon24.png -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon32.png -> Deleted
[PUP.ModextTech][Folder] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\background.js -> Deleted
[PUP.ModextTech][Folder] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js -> Deleted
[PUP.ModextTech][File] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\manifest.json -> Deleted
[PUP.ModextTech][Folder] C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPCX-24UE4T0 +++++
--- User ---
[MBR] 0d103c439f657c023369e82c00914603
[BSP] 5ecf9c0e87ed10147ce9c201ff19007f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 99499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800000 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000000 | Size: 453868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#--------------------------------
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-11.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-14-2018
# Duration: 00:00:09
# OS:       Windows 10 Pro
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Classes\INETCTLS.INET

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#8 Iwillsolo

Posted 14 April 2018 - 11:41 AM

But I find that services are so weird

[5 screenshots attached: zv4TImO.png, uX125Je.png, KR3okIj.png, JOzsSbV.png, s9ulWlU.png]



#9 JSntgRvr

  • Malware Response Team

Posted 14 April 2018 - 03:09 PM

These are legit Windows services. Provides applications access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, applications that use this data might not work correctly.

The numbers or letters next to the service name are the user's registry settings. These numbers and letters serve to identify the specific user that is logged in to the computer.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 JSntgRvr

Posted 17 April 2018 - 01:56 PM

How is it doing?




#11 Iwillsolo

Posted 21 April 2018 - 12:51 PM

How is it doing?

After a while I got the same thing again:

the empty null process that uses my CPU.

[screenshot attached: sXtK4aV.png]

Using words to search online for adware, or trying to run adware or Malwarebytes: instant close.

Google Chrome now keeps popping up (while it's not the default browser), showing random ads / websites.



#12 JSntgRvr

Posted 21 April 2018 - 04:47 PM

Please re-scan with FRST and post the reports.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.



#13 Iwillsolo

Posted 23 April 2018 - 10:15 AM

 


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Abdal (administrator) on DESKTOP-MD9A7SQ (23-04-2018 17:10:21)
Running from C:\Users\Abdal\Downloads\Programs
Loaded Profiles: Abdal & SSASTELEMETRY & SQLTELEMETRY & MSSQLServerOLAPService & MSSQLSERVER (Available Profiles: Abdal & SSASTELEMETRY & SQLTELEMETRY & MSSQLServerOLAPService & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\sqlceip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\fdhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswtrayutil.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Users\Abdal\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileCoAuth.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2018-01-10] ()
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [605992 2015-01-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-14] (Realtek Semiconductor)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2018-01-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Win10PDF] => C:\Program Files\PDF Printer for Windows 10\PDF.exe [484352 2014-10-13] (Vivid Document Imaging Technologies)
HKLM-x32\...\Run: [FxSound Enhancer] => C:\Program Files (x86)\DFX\dfx.exe [1696248 2018-03-09] ()
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2015-08-21] (XPExplorer.com - 2015)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [BitTorrent] => C:\Users\Abdal\AppData\Roaming\BitTorrent\BitTorrent.exe [2151616 2018-03-01] (BitTorrent Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Screenleap] => C:\Users\Abdal\AppData\Local\Screenleap\Screenleap.exe [10140136 2018-01-10] (Screenleap, Inc.)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Mikogo] => C:\Users\Abdal\AppData\Roaming\Mikogo\Mikogo-host.exe [7827784 2017-10-13] (BeamYourScreen GmbH)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-30] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2017-09-06] (Voobly)
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\MountPoints2: {d13e5ef6-dd48-11e7-95a6-e4f89ce10905} - "K:\SISetup.exe"
Startup: C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2018-02-08]
ShortcutTarget: GameRanger.lnk -> C:\Users\Abdal\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2018-01-22]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{531c56d8-0fc4-4a37-b7bf-d1dd43227539}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{583a3f12-176d-4009-a129-b504de9b238c}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5ef4c2b5-22ec-4173-9702-382a347e4922}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7ddbdef2-eadc-44b3-9099-ef280db4a1b3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{d23c9c53-90f4-4e09-9806-47324dc0f446}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BC82791FF-5B12-4EEA-9C75-441CDDD45257%7D&gp=811142
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-14] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-14] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-01] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1518911704128
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default [2018-04-23]
FF Extension: (Hoxx VPN Proxy) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\@hoxx-vpn.xpi [2018-04-08]
FF Extension: (WebRTC Leak Shield) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\@webrtc-leak-shield.xpi [2018-04-08]
FF Extension: (Avira Browser Safety) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\abs@avira.com.xpi [2018-03-25]
FF Extension: (Adblock Plus) - C:\Users\Abdal\AppData\Roaming\Mozilla\Firefox\Profiles\6O69VsWQ.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-21]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-14] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Abdal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Abdal\AppData\Roaming\IDM\idmmzcc5 [2018-04-23] [Legacy] [not signed]
FF HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2018-01-24] (Nitro Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-07-13] (Red Software)

Chrome:
=======
CHR HomePage: Default -> inline.go.mail.ru
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23
CHR DefaultSearchKeyword: Default -> inline.go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default [2018-04-23]
CHR Extension: (Slides) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
CHR Extension: (Docs) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
CHR Extension: (Google Drive) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
CHR Extension: (Skip shorte.st ads) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgkdnnlhmefhnkfilcaaibapeepkfok [2018-04-05]
CHR Extension: (Mail.Ru) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2018-04-21]
CHR Extension: (YouTube) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
CHR Extension: (Avira Password Manager) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-04-17]
CHR Extension: (Adblock Plus) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-21]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2018-04-05]
CHR Extension: (Tampermonkey) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-04-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-05]
CHR Extension: (ARC Welder) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-04-05]
CHR Extension: (minerBlock) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2018-04-17]
CHR Extension: (EverWing Hacks) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbingkbgnhkfpmffjiekekmedohpmfef [2018-04-05]
CHR Extension: (Full Page Screen Capture) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-04-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-21]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2018-04-21]
CHR Extension: (IE Tab) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2018-04-21]
CHR Extension: (Sound Volume Booster that works! Bass audio!) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflaogbiblbidhaogjjagjpjcflipklo [2018-04-05]
CHR Extension: (InstaG Downloader) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-04-05]
CHR Extension: (Bigasoft Video Downloader Pro) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnkpjikgipojkofgjjkfgdhfanggcdm [2018-04-05]
CHR Extension: (Popup Blocker Pro) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-04-17]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2018-04-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-04-17]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2018-04-05]
CHR Extension: (IDM Integration Module) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (AdSkipper) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2018-04-05]
CHR Extension: (Swimbi - CSS Menu Maker) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifipbbfaomegkfhpdbopinkndcdmaop [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Abdal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-05]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.15.4.6594\BVDChromeExt.crx [2018-01-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.15.3.6535\BVDChromeExt.crx [2018-01-10]
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"iaLPSS2i_GPIO2_BXT_P" => service was unlocked. <==== ATTENTION
"iaLPSS2i_I2C_BXT_P" => service was unlocked. <==== ATTENTION

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S4 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe [481768 2018-03-23] (AMD)
S4 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-11] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-12-31] (Microsoft Corporation)
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
S4 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-04-14] (EasyAntiCheat Ltd)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S4 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191000 2015-01-27] (Lenovo) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe [319296 2018-04-04] (Garena Online )
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183480 2017-08-10] (Intel Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
S4 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
S4 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-04-14] (AO Kaspersky Lab)
S4 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2720040 2015-01-30] (Lenovo(beijing) Limited)
S4 LHDeleteOnRestartSvc; C:\Program Files\LockHunter\LHService.exe [1219168 2017-07-20] (Crystal Rich Ltd)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [60592 2017-08-22] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation)
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S4 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [356648 2015-01-30] (Lenovo(beijing) Limited)
S4 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2343728 2017-07-13] (Red Software)
S4 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [757552 2017-07-13] (Red Software)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-09-14] (Realtek Semiconductor)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-30] (Microsoft Corporation)
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5255104 2018-01-22] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation)
R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
R2 SSASTELEMETRY; C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\Bin\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-12-05] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH) [File not signed]
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
S4 Win10PDFPrinting; C:\Program Files\PDF Printer for Windows 10\win10PDFPrinting.exe [514048 2014-10-13] (Vivid Document Imaging Technologies) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S3 Intel® SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X]
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS14.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmdag.sys [41595872 2018-03-23] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmpag.sys [546280 2018-03-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [98848 2017-11-03] (Advanced Micro Devices, Inc.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [53488 2017-12-22] (IVT Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R3 cykbfltrService; C:\Windows\system32\DRIVERS\cykbfltr.sys [19968 2015-06-24] (Cypress Semiconductor, Inc.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Windows ® Win 7 DDK provider)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [33320 2018-03-25] (ELAN Microelectronic Corp.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2015-01-27] (Windows ® Win 7 DDK provider) [File not signed]
S3 GMLXDFltr01; C:\Windows\system32\drivers\GMLXDFltr01.sys [19488 2016-10-27] (LXD Development, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [232976 2017-08-10] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2018-04-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [120008 2018-04-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [207576 2018-04-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [594144 2018-04-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1055944 2018-04-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-04-14] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-08-15] (AO Kaspersky Lab)
R3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-04-14] (AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2018-04-14] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252600 2018-04-14] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [107656 2018-04-14] (AO Kaspersky Lab)
S3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [174664 2018-04-14] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [93888 2018-04-14] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [135904 2018-04-14] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2018-04-14] (AO Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2017-12-10] (SoftEther Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3526392 2017-04-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S4 RsFx0500; C:\Windows\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1026896 2018-01-25] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-08-30] (Realtek Semiconductor Corp.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Sandboxie Holdings, LLC)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-11] () [File not signed]
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2018-01-22] (SoftEther Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [45024 2018-01-05] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (The OpenVPN Project)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1143400 2018-04-17] (TENCENT)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-04-21] ()
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [50224 2017-08-21] (USBPcap)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2018-03-16] (Microsoft Corporation)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [57976 2017-04-06] (Shaul Eizikovich)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-03-27] (BigNox Corporation)
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-21 19:58 - 2018-04-21 19:58 - 000799790 ____N C:\Windows\Minidump\042118-92781-01.dmp
2018-04-21 00:26 - 2018-04-21 00:26 - 000003910 _____ C:\Windows\System32\Tasks\{A4868951-1ED3-CB4F-0679-660CA04102AB}
2018-04-21 00:26 - 2018-04-21 00:26 - 000003766 _____ C:\Windows\System32\Tasks\{B7A3252A-FB84-9B70-FCD5-67A07442DD1A}
2018-04-21 00:26 - 2018-04-21 00:26 - 000003594 _____ C:\Windows\System32\Tasks\{5AB2BBCC-22B1-FACC-36D3-162889AE9C17}
2018-04-21 00:26 - 2018-04-21 00:26 - 000000002 _____ C:\Users\Abdal\AppData\Local\WMI.ini
2018-04-21 00:09 - 2018-04-21 00:10 - 015464029 _____ C:\Users\Abdal\Downloads\vcA2.rar
2018-04-18 02:38 - 2018-04-18 02:38 - 000000000 ____D C:\ProgramData\Riot Games
2018-04-18 02:37 - 2018-04-18 02:37 - 000000665 _____ C:\Users\Public\Desktop\League of Legends.lnk
2018-04-18 02:37 - 2018-04-18 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-04-18 02:37 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-04-18 02:37 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-04-18 02:37 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-04-18 02:29 - 2018-04-18 02:36 - 078839816 _____ (Riot Games, Inc) C:\Users\Abdal\Downloads\League of Legends installer EUNE.exe
2018-04-17 16:21 - 2018-04-17 16:21 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Google
2018-04-17 16:20 - 2018-04-17 16:20 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-17 16:20 - 2018-04-17 16:20 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-17 16:16 - 2018-04-17 16:16 - 001129816 _____ (Google Inc.) C:\Users\Abdal\Downloads\ChromeSetup.exe
2018-04-17 16:16 - 2018-04-17 16:16 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-17 16:16 - 2018-04-17 16:16 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-17 16:14 - 2018-04-17 16:15 - 015482814 _____ C:\Users\Abdal\Downloads\bQYsVFcVv9V.rar
2018-04-17 16:14 - 2018-04-17 16:15 - 001723064 _____ C:\Users\Abdal\Downloads\التطبيق السادس كامل.pdf
2018-04-17 16:12 - 2018-04-17 16:12 - 002605328 _____ C:\Users\Abdal\Downloads\الشيت الاول.pdf
2018-04-16 21:49 - 2018-04-16 21:49 - 001315790 _____ C:\Users\Abdal\Downloads\Hack RoE Pro Cit 6.0.rar
2018-04-16 21:28 - 2018-04-16 21:28 - 000358008 _____ C:\Users\Abdal\Downloads\9.43 Public.zip
2018-04-16 21:26 - 2018-04-16 21:26 - 000003484 _____ C:\Windows\System32\Tasks\gxx speed launcher
2018-04-16 01:32 - 2018-04-16 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
2018-04-15 10:41 - 2018-04-15 10:41 - 000000000 ____D C:\Users\Abdal\AppData\Local\HirezLauncherUI
2018-04-15 09:58 - 2018-04-15 11:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2018-04-15 09:58 - 2018-04-15 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2018-04-14 21:50 - 2018-04-14 21:52 - 014572000 _____ (Microsoft Corporation) C:\Users\Abdal\Downloads\vc_redist.x64(1).exe
2018-04-14 21:50 - 2018-04-14 21:52 - 013767776 _____ (Microsoft Corporation) C:\Users\Abdal\Downloads\vc_redist.x86(1).exe
2018-04-14 21:22 - 2018-04-14 21:26 - 015222904 _____ (Microsoft Corporation) C:\Users\Abdal\Downloads\VC_redist.x64.exe
2018-04-14 21:22 - 2018-04-14 21:26 - 014426128 _____ (Microsoft Corporation) C:\Users\Abdal\Downloads\VC_redist.x86.exe
2018-04-14 20:58 - 2018-04-14 20:58 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 20:58 - 2018-04-14 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 20:58 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-14 20:42 - 2018-04-14 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2018-04-14 20:42 - 2018-04-14 20:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-04-14 20:26 - 2018-04-22 14:18 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-14 20:26 - 2018-04-14 20:26 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-14 20:06 - 2018-04-14 20:15 - 000000000 ____D C:\ProgramData\UCheck
2018-04-14 20:06 - 2018-04-14 20:06 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2018-04-14 20:06 - 2018-04-14 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-04-14 20:06 - 2018-04-14 20:06 - 000000000 ____D C:\Program Files\UCheck
2018-04-14 20:03 - 2018-04-14 20:04 - 007197480 _____ (VS Revo Group ) C:\Users\Abdal\Downloads\revosetup.exe
2018-04-14 19:58 - 2018-04-14 20:05 - 021014120 _____ (Adlice Software ) C:\Users\Abdal\Downloads\UCheck_setup.exe
2018-04-14 19:10 - 2018-04-14 19:11 - 000000414 _____ C:\Users\Abdal\Downloads\exehelperlog.txt
2018-04-14 19:10 - 2018-04-14 19:10 - 000294400 _____ C:\Users\Abdal\Downloads\exeHelper.com
2018-04-14 18:34 - 2018-04-14 18:34 - 000000000 ___HD C:\OneDriveTemp
2018-04-14 15:52 - 2018-04-14 15:53 - 007256272 _____ (Malwarebytes) C:\Users\Abdal\Downloads\adwcleaner_7.1.0.0.exe
2018-04-14 13:48 - 2018-04-21 20:02 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-14 13:48 - 2018-04-14 15:48 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-14 13:48 - 2018-04-14 13:48 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-14 13:48 - 2018-04-14 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-14 13:48 - 2018-04-14 13:48 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-14 13:43 - 2018-04-14 13:47 - 036606712 _____ (Adlice Software ) C:\Users\Abdal\Downloads\setup.exe
2018-04-14 01:52 - 2018-04-14 01:52 - 000252600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2018-04-14 01:51 - 2018-04-14 18:31 - 000001504 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-04-14 01:51 - 2018-04-14 18:29 - 000002289 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-04-14 01:51 - 2018-04-14 01:51 - 000231312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2018-04-14 01:51 - 2018-04-14 01:51 - 000174664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2018-04-14 01:51 - 2018-04-14 01:51 - 000107656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2018-04-14 01:51 - 2018-04-14 01:51 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2018-04-14 01:51 - 2018-04-14 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-04-14 01:51 - 2018-04-14 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-04-14 01:51 - 2018-04-14 01:51 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-14 01:50 - 2018-04-14 23:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-14 01:50 - 2018-04-14 01:54 - 001055944 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-04-14 01:50 - 2018-04-14 01:54 - 000594144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-04-14 01:50 - 2018-04-14 01:54 - 000207576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-04-14 01:50 - 2018-04-14 01:54 - 000149304 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-04-14 01:50 - 2018-04-14 01:51 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-04-14 01:50 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2018-04-14 01:30 - 2018-04-14 01:30 - 002408496 _____ (Kaspersky Lab) C:\Users\Abdal\Downloads\kfa18.0.0.405aben_ar_13150.exe
2018-04-14 01:17 - 2018-04-14 01:18 - 015480425 _____ C:\Users\Abdal\Downloads\OJI.rar
2018-04-14 00:20 - 2018-04-14 01:16 - 000006074 _____ C:\Users\Abdal\Downloads\WEW8Xt3iri3m.rar
2018-04-13 18:25 - 2018-04-13 18:25 - 000001628 _____ C:\Users\Abdal\Desktop\JRT.txt
2018-04-13 18:22 - 2018-04-13 18:22 - 000000016 _____ C:\ProgramData\mntemp
2018-04-13 18:18 - 2018-04-13 18:18 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Abdal\Downloads\rkill64.exe
2018-04-13 18:15 - 2018-04-13 18:15 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Abdal\Downloads\rkill.exe
2018-04-13 18:15 - 2018-04-13 18:15 - 001790024 _____ (Malwarebytes) C:\Users\Abdal\Downloads\JRT.exe
2018-04-13 18:04 - 2018-04-16 21:50 - 001446427 _____ C:\Users\Abdal\Downloads\getservices.zip
2018-04-13 18:04 - 2018-04-13 18:04 - 000000000 _____ C:\Users\Abdal\Downloads\getservice.txt
2018-04-13 17:55 - 2018-04-13 17:55 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Macromedia
2018-04-12 18:28 - 2018-04-21 00:28 - 000007606 _____ C:\Users\Abdal\AppData\Local\Resmon.ResmonCfg
2018-04-12 05:12 - 2018-04-21 00:26 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-04-11 22:53 - 2018-04-11 22:53 - 000000000 __SHD C:\ProgramData\FileItem
2018-04-11 16:35 - 2018-04-14 01:18 - 000000000 ____D C:\Users\Abdal\Downloads\BlackSquadMacrosV1_mpgh.net
2018-04-11 16:35 - 2018-04-11 16:35 - 000472476 _____ C:\Users\Abdal\Downloads\BlackSquadMacrosV1_mpgh.net.rar
2018-04-11 14:29 - 2018-04-11 14:29 - 000000000 ____D C:\ProgramData\LHService
2018-04-11 14:27 - 2018-04-11 14:27 - 000237378 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-04-11 14:26 - 2018-04-11 14:26 - 000000000 ____D C:\ProgramData\LockHunter
2018-04-11 14:18 - 2018-04-11 14:18 - 000077824 _____ C:\Users\Abdal\Downloads\BERCon.exe
2018-04-11 13:21 - 2018-04-11 13:21 - 000000000 ___DL C:\Users\Abdal\OneDrive\Documents\BlackSquad
2018-04-11 02:36 - 2018-04-11 02:36 - 000190976 _____ C:\Windows\vitbo.dll
2018-04-11 01:05 - 2018-04-11 01:05 - 000000000 _____ C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-04-11 01:05 - 2018-03-13 17:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll
2018-04-10 23:37 - 2018-04-22 01:19 - 000000000 ____D C:\Windows\CbsTemp
2018-04-10 19:34 - 2018-04-10 19:34 - 000000000 ____D C:\Users\Abdal\Downloads\New folder
2018-04-10 19:29 - 2018-04-10 19:29 - 001349632 _____ C:\Users\Abdal\Downloads\3809.iso
2018-04-10 12:40 - 2018-04-10 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2018-04-10 12:40 - 2018-04-10 12:40 - 000000000 ____D C:\Program Files\Process Hacker 2
2018-04-09 20:08 - 2018-04-09 20:08 - 000000000 ____D C:\Garena
2018-04-09 20:03 - 2018-04-09 20:04 - 000000955 _____ C:\Windows\system32\default_error_stack-000011-000000.txt
2018-04-09 20:03 - 2018-04-09 20:03 - 000436344 _____ C:\Windows\system32\esrv_svc_2.1.0.3413_fc7b66f4-400b-4729-9eb1-8d65b28b4768_2018-04-09p18-03-26-608.dmp
2018-04-09 19:10 - 2018-04-09 19:11 - 000000000 ____D C:\Program Files\Recuva
2018-04-09 19:10 - 2018-04-09 19:10 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-04-09 19:10 - 2018-04-09 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-04-09 19:09 - 2018-04-09 19:10 - 005562976 _____ (Piriform Ltd) C:\Users\Abdal\Downloads\rcsetup153.exe
2018-04-09 18:10 - 2018-04-09 18:10 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Process Hacker 2
2018-04-09 17:28 - 2018-04-09 17:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\32230396.sys
2018-04-09 17:26 - 2018-04-09 18:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-09 17:22 - 2018-04-09 17:25 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Abdal\Downloads\mbar-1.10.3.1001.exe
2018-04-09 17:21 - 2018-04-09 17:22 - 008222496 _____ (Malwarebytes) C:\Users\Abdal\Downloads\adwcleaner_7.0.8.0.exe
2018-04-09 16:41 - 2018-04-09 16:41 - 000008507 _____ C:\Users\Abdal\Downloads\fixlist.txt
2018-04-09 15:27 - 2018-04-23 17:10 - 000000000 ____D C:\FRST
2018-04-09 13:31 - 2018-04-17 15:06 - 001143400 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2018-04-09 03:59 - 2018-04-09 14:31 - 000001205 _____ C:\Users\Public\Desktop\Garena.lnk
2018-04-09 03:59 - 2018-04-09 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2018-04-09 03:58 - 2018-04-09 03:58 - 000000000 ____D C:\ProgramData\Garena
2018-04-09 03:58 - 2018-04-09 03:58 - 000000000 ____D C:\Program Files (x86)\Garena
2018-04-08 15:55 - 2018-04-08 16:03 - 000000000 ____D C:\Users\Abdal\AppData\Local\FreeReign
2018-04-08 15:55 - 2018-04-08 15:56 - 000000000 ___DL C:\Users\Abdal\OneDrive\Documents\FreeReign
2018-04-08 15:55 - 2018-04-08 15:55 - 000000000 ____D C:\Users\Abdal\AppData\Local\CrashRpt
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar Hide
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Eusing
2018-04-08 03:43 - 2018-04-08 03:43 - 000000000 ____D C:\Program Files (x86)\Taskbar Hide
2018-04-08 03:30 - 2018-04-08 03:31 - 000894561 _____ C:\Users\Abdal\Downloads\THSetup.exe
2018-04-07 21:48 - 2018-04-07 21:48 - 005112480 _____ (Husdawg, LLC) C:\Users\Abdal\Downloads\Detection.exe
2018-04-06 04:13 - 2018-04-06 04:15 - 009774670 _____ C:\Users\Abdal\Downloads\Fortnite FPS increase Pack By Panj.zip
2018-04-06 04:03 - 2018-04-06 04:06 - 000437434 _____ C:\TDSSKiller.2.8.16.0_06.04.2018_04.03.33_log.txt
2018-04-06 04:03 - 2018-04-06 04:03 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\45768521.sys
2018-04-06 03:14 - 2018-04-21 19:58 - 000000000 ____D C:\Windows\Minidump
2018-04-06 02:49 - 2018-03-25 22:19 - 000033320 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2018-04-06 02:49 - 2018-03-16 02:45 - 003938264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2018-04-06 02:49 - 2018-01-31 18:50 - 000227456 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2018-04-06 02:49 - 2017-12-22 01:43 - 000053488 _____ (IVT Corporation.) C:\Windows\system32\Drivers\btcusb.sys
2018-04-06 02:49 - 2017-12-22 01:43 - 000038880 _____ (IVT Corporation.) C:\Windows\system32\btinstall.dll
2018-04-06 02:49 - 2017-11-03 09:13 - 000098848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2018-04-06 02:49 - 2017-10-17 11:06 - 000039504 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys
2018-04-06 02:49 - 2016-10-27 16:52 - 000019488 _____ (LXD Development, Inc.) C:\Windows\system32\Drivers\GMLXDFltr01.sys
2018-04-06 02:49 - 2016-07-14 02:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2018-04-06 02:49 - 2015-06-24 17:39 - 000019968 _____ (Cypress Semiconductor, Inc.) C:\Windows\system32\Drivers\cykbfltr.sys
2018-04-06 01:20 - 2018-04-06 01:20 - 000000072 ___SH C:\bootTel.dat
2018-04-06 01:15 - 2018-04-06 01:15 - 000003200 _____ C:\Windows\ntbtlog.txt
2018-04-06 00:57 - 2018-04-09 17:29 - 000000000 ____D C:\ProgramData\BSD
2018-04-05 23:54 - 2018-04-05 23:55 - 009183528 _____ (Smart Game Booster ) C:\Users\Abdal\Downloads\Smart_Game_Booster_setup.exe
2018-04-05 23:50 - 2018-04-05 23:50 - 000327168 _____ (WZT) C:\Users\Abdal\Downloads\DWS.exe
2018-04-05 23:50 - 2018-04-05 23:50 - 000327168 _____ (WZT) C:\Users\Abdal\Downloads\DWS(1).exe
2018-04-05 23:40 - 2018-04-21 19:59 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-05 04:05 - 2018-04-21 20:42 - 000000000 ____D C:\Windows\pss
2018-04-05 03:11 - 2018-04-22 00:49 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2018-04-05 02:53 - 2018-04-14 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-05 02:49 - 2018-04-14 15:54 - 000000000 ____D C:\AdwCleaner
2018-04-05 02:36 - 2018-04-05 02:36 - 000014169 ____L C:\Users\Abdal\OneDrive\Documents\xxx.torrent
2018-04-05 02:33 - 2018-04-05 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-04-05 00:08 - 2018-04-05 02:29 - 000000000 ____D C:\AMD
2018-04-05 00:06 - 2018-04-05 00:08 - 025910000 _____ (AMD Inc.) C:\Users\Abdal\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-04-04 23:59 - 2018-04-04 23:59 - 000000000 ____D C:\Program Files (x86)\XPE Windows 10 DPI Fix
2018-04-04 23:44 - 2018-04-14 13:39 - 000000008 __RSH C:\Users\Abdal\ntuser.pol
2018-04-04 23:06 - 2018-04-04 23:06 - 000004945 _____ C:\Windows\system32\default_error_stack-000010-000000.txt
2018-04-04 22:35 - 2018-04-04 22:35 - 000004943 _____ C:\Windows\system32\default_error_stack-000009-000000.txt
2018-04-04 22:04 - 2018-04-04 22:04 - 000004945 _____ C:\Windows\system32\default_error_stack-000008-000000.txt
2018-04-04 21:33 - 2018-04-04 21:33 - 000004945 _____ C:\Windows\system32\default_error_stack-000007-000000.txt
2018-04-04 21:06 - 2018-04-05 03:19 - 000000000 ____D C:\Program Files (x86)\fly
2018-04-04 21:02 - 2018-04-04 21:02 - 000004945 _____ C:\Windows\system32\default_error_stack-000006-000000.txt
2018-04-04 20:31 - 2018-04-04 20:31 - 000004945 _____ C:\Windows\system32\default_error_stack-000005-000000.txt
2018-04-04 20:00 - 2018-04-04 20:00 - 000004945 _____ C:\Windows\system32\default_error_stack-000004-000000.txt
2018-04-04 19:29 - 2018-04-04 19:29 - 000004945 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2018-04-04 18:59 - 2018-04-04 18:59 - 000004945 _____ C:\Windows\system32\default_error_stack-000002-000000.txt
2018-04-04 18:47 - 2018-04-04 18:47 - 000004945 _____ C:\Windows\system32\default_error_stack-000001-000000.txt
2018-04-04 18:08 - 2018-04-04 18:08 - 000004945 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2018-04-03 18:01 - 2018-04-03 18:04 - 000000000 ____D C:\Users\Abdal\AppData\Local\game-debate
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\SocialWebTechLTD
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GD Hardware Scan
2018-04-03 18:01 - 2018-04-03 18:01 - 000000000 ____D C:\Program Files (x86)\GD Hardware Scan
2018-03-30 14:04 - 2018-03-30 14:04 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-30 14:04 - 2018-03-29 20:02 - 000000239 ___SH C:\Users\Public\Libraries.ini
2018-03-30 13:58 - 2018-04-15 11:35 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\EasyAntiCheat
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Users\Abdal\AppData\Local\FortniteGame
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-29 02:22 - 2018-04-16 14:34 - 000000999 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-03-29 02:22 - 2018-03-29 02:22 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-27 22:42 - 2018-03-27 22:42 - 000000000 ____D C:\Users\Abdal\AppData\Local\MultiPlayerManager
2018-03-27 20:54 - 2018-04-22 23:12 - 000000000 ____D C:\Users\Abdal\.BigNox
2018-03-27 20:54 - 2018-04-21 21:51 - 000000000 ____D C:\Users\Abdal\vmlogs
2018-03-27 20:54 - 2018-03-27 20:54 - 000000066 _____ C:\Users\Abdal\inittk.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000045 _____ C:\Users\Abdal\nuuid.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000041 _____ C:\Users\Abdal\inst.ini
2018-03-27 20:54 - 2018-03-27 20:54 - 000000000 ____D C:\Users\Abdal\Nox_share
2018-03-27 20:54 - 2018-03-27 20:54 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2018-03-27 20:53 - 2018-03-27 20:54 - 000000000 ____D C:\Program Files (x86)\Bignox
2018-03-27 20:19 - 2018-04-22 22:41 - 000000000 ____D C:\Users\Abdal\AppData\Local\Nox
2018-03-27 16:02 - 2018-03-27 16:03 - 000517404 _____ C:\Users\Abdal\Downloads\projectv3_0_5_1.zip
2018-03-27 15:55 - 2018-03-27 15:57 - 013764510 _____ C:\Users\Abdal\Downloads\FuRoS Loader v.1.147074.147265_ ( undetected 27.03.2018 ).rar
2018-03-26 08:19 - 2018-03-26 08:19 - 000007879 _____ C:\Users\Abdal\Downloads\PUBGM QuantumV1.0.0.lua
2018-03-25 02:07 - 2018-03-25 02:07 - 022723434 _____ C:\Users\Abdal\Downloads\Installer + CRACK Files.rar
2018-03-25 01:12 - 2018-04-21 00:27 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\CC
2018-03-25 00:47 - 2018-03-25 00:47 - 000000686 _____ C:\Users\Public\Desktop\Rules of Survival.lnk
2018-03-25 00:47 - 2018-03-25 00:47 - 000000686 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rules of Survival.lnk
2018-03-25 00:47 - 2018-03-25 00:47 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Netease
2018-03-25 00:05 - 2018-04-23 16:32 - 000000000 ____D C:\Users\Abdal\AppData\LocalLow\Mozilla
2018-03-25 00:05 - 2018-03-25 00:09 - 000000000 ____D C:\Users\Abdal\AppData\Local\Mozilla
2018-03-25 00:04 - 2018-04-05 23:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-25 00:04 - 2018-04-05 23:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 00:04 - 2018-04-05 23:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-25 00:04 - 2018-03-25 00:04 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-25 00:03 - 2018-03-25 00:06 - 000000000 ____D C:\Users\Abdal\Downloads\FIRE
2018-03-24 23:57 - 2018-03-25 00:03 - 039353920 _____ (Mozilla) C:\Users\Abdal\Downloads\Unconfirmed 402298.crdownload
2018-03-24 23:54 - 2018-03-24 23:54 - 000029273 _____ C:\Users\Abdal\Downloads\download.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-23 17:08 - 2017-12-10 01:25 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\DMCache
2018-04-23 16:41 - 2018-02-19 05:12 - 000000000 ____D C:\Users\Abdal\Downloads\Compressed
2018-04-23 16:35 - 2017-12-12 00:45 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-04-23 16:34 - 2018-01-17 00:57 - 000000000 ____D C:\ProgramData\Lenovo
2018-04-23 16:33 - 2017-12-07 11:59 - 002629920 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-23 16:33 - 2017-12-07 02:17 - 000000000 __RDL C:\Users\Abdal\OneDrive
2018-04-23 16:27 - 2017-12-07 11:49 - 005078192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-23 16:27 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-04-23 16:26 - 2017-12-07 11:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-23 16:24 - 2017-12-07 02:35 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-23 16:23 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-04-23 16:23 - 2017-09-29 15:46 - 000000000 ___SD C:\Windows\system32\F12
2018-04-23 16:23 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-23 16:23 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-04-23 16:17 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2018-04-23 16:17 - 2017-09-29 10:45 - 000786432 _____ C:\Windows\system32\config\BBI
2018-04-23 16:13 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLFDLauncher
2018-04-23 16:12 - 2017-12-07 11:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-22 11:35 - 2017-12-07 02:22 - 000000000 ___DL C:\Users\Abdal\OneDrive\Documents\Visual Studio 2013
2018-04-22 01:19 - 2017-09-29 15:41 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\telnet.exe
2018-04-21 21:52 - 2017-12-07 20:22 - 000000000 ____D C:\Users\Abdal\.android
2018-04-21 21:41 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-21 21:26 - 2017-12-10 13:38 - 000000000 ____D C:\Users\SSASTELEMETRY
2018-04-21 21:26 - 2017-12-10 13:38 - 000000000 ____D C:\Users\SQLTELEMETRY
2018-04-21 21:26 - 2017-12-10 13:38 - 000000000 ____D C:\Users\MSSQLSERVER
2018-04-21 20:40 - 2017-12-31 00:27 - 000000000 ____D C:\Users\Abdal\AppData\Local\CrashDumps
2018-04-21 19:59 - 2017-12-07 02:13 - 000000000 ____D C:\Users\Abdal
2018-04-21 18:23 - 2017-12-12 01:43 - 000000000 ____D C:\Users\Abdal\AppData\Local\IE Tab
2018-04-21 00:29 - 2017-12-07 16:59 - 001077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2018-04-21 00:29 - 2017-12-07 16:59 - 000163480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2018-04-21 00:29 - 2017-12-07 16:59 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2018-04-21 00:26 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-20 21:56 - 2017-12-10 01:14 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\BitTorrent
2018-04-18 01:50 - 2017-12-07 02:15 - 000000000 ____D C:\Users\Abdal\AppData\Local\Packages
2018-04-17 16:20 - 2017-12-07 02:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-17 06:28 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-04-16 01:32 - 2018-01-12 15:40 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-04-15 10:40 - 2017-12-07 02:33 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-15 09:57 - 2017-12-24 19:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-14 21:09 - 2017-12-07 17:06 - 000000000 ___HD C:\Users\Abdal\AppData\Local\Adobe
2018-04-14 20:40 - 2017-12-22 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-14 20:40 - 2017-12-22 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-04-14 20:40 - 2017-12-22 22:27 - 000000000 ____D C:\Program Files\Java
2018-04-14 20:39 - 2017-12-22 22:28 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-04-14 20:26 - 2018-02-19 00:33 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-14 19:58 - 2018-01-03 21:55 - 000000000 ____D C:\Users\Abdal\AppData\Local\ElevatedDiagnostics
2018-04-14 18:38 - 2018-01-21 00:08 - 000047916 _____ C:\Windows\system32\InstallUtil.InstallLog
2018-04-14 18:33 - 2017-12-07 02:30 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-14 18:33 - 2017-12-07 02:30 - 000000000 __SHD C:\Users\Abdal\IntelGraphicsProfiles
2018-04-14 13:31 - 2017-12-25 22:26 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-14 13:11 - 2017-12-10 07:31 - 000000000 ____D C:\Users\Abdal\AppData\LocalLow\Temp
2018-04-14 02:32 - 2017-12-18 23:42 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\vlc
2018-04-14 01:56 - 2017-08-15 18:41 - 000199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2018-04-14 01:56 - 2017-08-15 18:41 - 000135904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-04-14 01:55 - 2016-12-22 07:13 - 000070880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys
2018-04-14 01:55 - 2016-12-20 17:51 - 000093888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2018-04-14 01:54 - 2016-12-27 07:53 - 000120008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-04-14 01:54 - 2016-10-12 12:29 - 000057032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-04-14 01:50 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-04-11 02:36 - 2017-12-07 16:59 - 000617896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2018-04-11 01:32 - 2017-12-10 01:25 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\IDM
2018-04-10 12:54 - 2018-02-11 00:17 - 000000000 ____D C:\Users\Abdal\AppData\Local\LogMeIn Hamachi
2018-04-10 01:42 - 2018-01-21 00:30 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-09 20:07 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 20:07 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-09 18:23 - 2017-12-07 17:19 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Notepad++
2018-04-09 16:54 - 2017-09-29 15:46 - 000000155 _____ C:\Windows\win.ini
2018-04-09 14:27 - 2017-12-19 23:26 - 000001852 _____ C:\Windows\Sandboxie.ini
2018-04-07 16:36 - 2018-02-20 01:14 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2018-04-07 16:36 - 2018-02-20 01:14 - 000109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2018-04-07 01:00 - 2018-03-11 21:15 - 000002014 _____ C:\Users\Public\Desktop\AirDroid.lnk
2018-04-06 02:49 - 2017-12-24 00:45 - 000000000 ____D C:\Program Files\DIFX
2018-04-06 00:26 - 2018-02-20 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fez [GOG.com]
2018-04-06 00:26 - 2018-02-03 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2018-04-06 00:26 - 2018-01-21 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2018-04-06 00:26 - 2018-01-19 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood Knights
2018-04-06 00:26 - 2018-01-18 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gauntlet Slayer Edition
2018-04-06 00:26 - 2017-12-29 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-Developer1412
2018-04-06 00:26 - 2017-09-29 15:49 - 000000000 ____D C:\Windows\Setup
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 __RSD C:\Windows\media
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Registration
2018-04-06 00:26 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Help
2018-04-05 04:48 - 2017-12-10 01:06 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-04-05 04:19 - 2018-01-19 08:21 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\libraries
2018-04-05 02:38 - 2018-01-21 02:15 - 000000000 ____D C:\Users\Abdal\AppData\Local\AMD
2018-04-05 02:32 - 2018-01-21 02:14 - 000000000 ____D C:\Program Files\AMD
2018-04-05 02:31 - 2018-01-21 02:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-03 21:37 - 2017-12-22 21:54 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-03 21:37 - 2017-12-22 21:54 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-31 20:35 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF
2018-03-30 23:08 - 2017-12-10 01:25 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-03-30 13:58 - 2018-01-17 18:35 - 000000000 ____D C:\Users\Abdal\AppData\Local\UnrealEngine
2018-03-29 21:37 - 2017-12-07 02:21 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2939746906-1252596266-2071687770-1001
2018-03-29 21:37 - 2017-12-07 02:17 - 000002367 _____ C:\Users\Abdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-27 20:44 - 2018-03-12 15:56 - 000000000 ____D C:\Users\Abdal\Downloads\MEmu Download
2018-03-25 00:05 - 2017-12-07 02:56 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\Mozilla
2018-03-24 03:25 - 2018-03-11 21:15 - 000000000 ____D C:\Program Files (x86)\AirDroid
2018-03-24 03:20 - 2018-03-11 22:00 - 000000000 ____D C:\Users\Abdal\AppData\Roaming\AirDroid

==================== Files in the root of some directories =======

2018-04-11 01:05 - 2018-03-13 17:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll
2018-02-23 00:16 - 2017-12-25 00:16 - 000000032 ____R () C:\ProgramData\hash.dat
2017-09-29 15:42 - 2017-09-29 15:42 - 000174592 ____N (Microsoft Corporation) C:\Program Files (x86)\EUcTyIuu.exe
2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\oEslOk.exe
2018-04-12 18:28 - 2018-04-21 00:28 - 000007606 _____ () C:\Users\Abdal\AppData\Local\Resmon.ResmonCfg
2018-04-21 00:26 - 2018-04-21 00:26 - 000000002 _____ () C:\Users\Abdal\AppData\Local\WMI.ini

Some files in TEMP:
====================
2018-04-21 20:02 - 2018-02-10 08:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Abdal\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-22 01:32

==================== End of FRST.txt ============================


Edited by Iwillsolo, 23 April 2018 - 10:16 AM.


#14 Iwillsolo

Posted 23 April 2018 - 10:17 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Abdal (23-04-2018 17:11:55)
Running from C:\Users\Abdal\Downloads\Programs
Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-07 09:56:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Abdal (S-1-5-21-2939746906-1252596266-2071687770-1001 - Administrator - Enabled) => C:\Users\Abdal
Administrator (S-1-5-21-2939746906-1252596266-2071687770-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2939746906-1252596266-2071687770-503 - Limited - Disabled)
Guest (S-1-5-21-2939746906-1252596266-2071687770-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2939746906-1252596266-2071687770-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
3DP Chip Lite v17.11.1 (HKLM-x32\...\3DP Chip Lite) (Version: v17.11.1 - 3DP)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Account Verifier (HKLM-x32\...\Account Verifier_is1) (Version:  - )
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
Age of Empires III (HKLM-x32\...\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
AhMyth 1.0.0 (only current user) (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\a407c027-bbfb-5f19-8cca-75a9f5fa7adf) (Version: 1.0.0 - AhMyth)
AirDroid 3.6.2.0 (HKLM-x32\...\AirDroid) (Version: 3.6.2.0 - Sand Studio)
Allavsoft 3.15.4.6594 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.3.4 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Driver Updater 1.11.0.0 (HKLM-x32\...\Auslogics Driver Updater_is1) (Version: 1.11.0.0 - Auslogics Labs Pty Ltd)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.0.1226 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Behaviors SDK (XAML) for Visual Studio (HKLM-x32\...\{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Bigasoft Video Downloader Pro 3.15.3.6535 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version:  - Bigasoft Corporation)
BitTorrent (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Duty 2 version 1.3.0.0 (HKLM-x32\...\Call of Duty 2_is1) (Version: 1.3.0.0 - Mr DJ)
Camtasia 9 (HKLM\...\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}) (Version: 9.0.4.1948 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{5957dd25-bb4e-4234-9dc0-b3e10a70f636}) (Version: 9.0.4.1948 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Counter-Strike Global Offensive No-Steam (HKLM\...\Counter-Strike Global Offensive_is1) (Version: 1.36.3.1 - Valve Software)
CpuCoreParking (HKLM-x32\...\{62733D95-4AB1-46F7-95AD-68F23E846012}) (Version: 2.0.0.0 - CpuCoreParking)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Edraw Max (HKLM-x32\...\{AD620B22-EF7C-4BDC-9530-F286ECEFA578}) (Version: 8.7.0 - EdrawSoft) Hidden
Edraw Max (HKLM-x32\...\Edraw Max 8.7.0) (Version: 8.7.0 - EdrawSoft)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{3ECF91A4-EE22-4A3A-921F-36ECAA04C13D}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA 08 (HKLM-x32\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
Friday the 13th: The Game (HKLM-x32\...\Friday the 13th: The Game_is1) (Version:  - )
FxSound Enhancer (HKLM-x32\...\DFX) (Version: 13.020 - FxSound)
GameRanger (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\GameRanger) (Version:  - GameRanger Technologies)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1804.0420 - Garena)
GD Hardware Scan (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Generic USB Gamepad Vibration Driver (HKLM-x32\...\{50CD8B4D-CD82-49D1-9E0A-2B7887448068}) (Version: 1.0.0 - Generic USB Gamepad Vibration Driver)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Hello Neighbor (HKLM-x32\...\Hello Neighbor_is1) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HTTP Proxy Injector version 0.0.0.8 (HKLM-x32\...\{63596390-B010-4FEC-B5ED-689972736E50}_is1) (Version: 0.0.0.8 - A-Developer1412)
Human Fall Flat Holiday (HKLM-x32\...\Human Fall Flat Holiday_is1) (Version:  - )
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)
JavaScript Tooling (HKLM\...\{2044FC4C-4EA3-4113-BC1E-962DF568D201}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Edu 4.0.2 (HKLM-x32\...\PyCharm Edu 4.0.2) (Version: 172.4539 - JetBrains s.r.o.)
join.me (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\JoinMe) (Version: 3.3.1.5358 - LogMeIn, Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LEGO Worlds (HKLM-x32\...\LEGO Worlds_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MASS Facebook Account Creator (HKLM-x32\...\MASS Facebook Account Creator2.1.73) (Version: 2.1.73 - Easytech Software Solutions)
MB-Ruler (HKLM-x32\...\{7363206E-C7BD-45CD-89A0-792B28409811}_is1) (Version: 5.3 - Markus Bader)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Policies  (HKLM-x32\...\{256EDCB9-A64D-433C-A1DC-C76F02475915}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{BC247FE3-C61A-4678-86C6-15408F272D57}) (Version: 14.0.17213.0 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{F45421F6-76C3-47EE-8823-7D064A77E1F0}) (Version: 14.0.3881.1 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.4 (HKLM-x32\...\{ac84c935-8f13-4f73-b541-7b09a11bdea8}) (Version: 14.0.17213.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{9D78F5D4-79D2-4FC6-AC56-F364A0ABC54F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{9e6e5a9b-6f0e-40ff-84fb-19cab458402e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mikogo (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\Mikogo) (Version: 5.6.0 - BeamYourScreen GmbH)
Mortal Kombat Komplete Edition (HKLM-x32\...\Mortal Kombat Komplete Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Netsparker - Web Application Security Scanner (4.9.5.17582) (HKLM-x32\...\Netsparker) (Version: 4.9.5.17582 - Netsparker Limited)
Nioh: Complete Edition (HKLM-x32\...\Nioh: Complete Edition_is1) (Version:  - )
Nitro Pro (HKLM\...\{ADC36FA0-52D2-46CB-8D3E-84D7F162652B}) (Version: 11.0.7.425 - Nitro)
Node.js (HKLM\...\{91F74847-89FC-44F0-802A-747D265FDA53}) (Version: 8.9.3 - Node.js Foundation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.7.0 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.01 - Lenovo) Hidden
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.01 - Lenovo)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OWASP Site Generator v0.80 (HKLM-x32\...\{1455F71F-86DA-4211-8266-D0981C87916C}) (Version: 0.80.0 - OWASP)
ParkControl (HKLM-x32\...\ParkControl) (Version: 1.2.7.6 - Bitsum)
Patch - Edraw Max 8.7.0.588 (HKLM-x32\...\Patch - Edraw Max 8.7.0.588) (Version: 8.7.0.588 - Crackingpatching.com Team)
PDF Converter (HKLM-x32\...\{5BAEACFD-9AC7-4DF9-8E9E-87EE1C6538B4}) (Version: 1.0.0 - Code7248)
PDF Printer for Windows 10 (HKLM\...\PDF Printer for Windows 10_is1) (Version:  - Vivid Document Imaging Technologies)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 2.0.35.34126 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{ED6ED3F9-31AC-4360-9F30-7909FC5B66CF}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{88332A12-914F-43C2-A1F2-F5E225642EBD}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{1494D0BD-6284-43C2-87A1-5B2F7A5CA5C1}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{37E3FFCA-6A24-4762-826F-4F43F0A97C2E}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{6F3B51B6-B27B-4D14-96C5-4B1C1D1149B7}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{2F895ED2-6998-4C39-8668-7117804D127A}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{9BC922F2-4D2F-4FD6-B7C8-9E1C63B3ED39}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{D20659F5-61A5-4385-A267-77CF442C1CB0}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EC492F74-CD9C-419A-8FFA-C49319F59955}) (Version: 2.0.36.34130 - Red Software) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Pro Evolution Soccer 2017 (HKLM-x32\...\Pro Evolution Soccer 2017_is1) (Version:  - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Puffin Browser version 7.1.0.811 (HKLM-x32\...\Puffin Browser_is1) (Version: 7.1.0.811 - CloudMosa, Inc.)
Python 2.7.14 (HKLM-x32\...\{0398A685-FD8D-46B3-9816-C47319B0CF5E}) (Version: 2.7.14150 - Python Software Foundation)
Python 3.6.3 (32-bit) (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\{1bb10b8c-6e63-4897-9fb2-3873ce30d7e1}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Add to Path (32-bit) (HKLM-x32\...\{04AE65E4-FC7A-43A7-AC1E-E3E019EF07F5}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit debug) (HKLM-x32\...\{0DB6371A-ED50-4FD1-8495-5CEA9E17229A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit symbols) (HKLM-x32\...\{2A3DA847-A82A-4721-ADF4-7C2E8E67CAB0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (32-bit) (HKLM-x32\...\{52D39C34-E5F5-41AE-88CD-5DE66C9150B4}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit debug) (HKLM-x32\...\{A8AF8459-79E7-4FD1-A8B7-ECBB8AC12539}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (32-bit) (HKLM-x32\...\{F7D9BDE7-2C35-4F7E-AEBE-9F3028451087}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (32-bit) (HKLM-x32\...\{20EB04A7-B5EF-485E-9440-F36214C5501D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit debug) (HKLM-x32\...\{4CB411DF-857C-4692-8C2F-5D8FF2C3810C}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit symbols) (HKLM-x32\...\{4F807546-1DFD-4CC1-9B71-5F651A1E0945}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (32-bit) (HKLM-x32\...\{CA16E2AA-4499-4FE5-A88C-174612920734}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (32-bit) (HKLM-x32\...\{DA64A828-F7A9-4A19-97BD-3A9A63CEB972}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit debug) (HKLM-x32\...\{3BA3A409-15A7-416B-85EF-A3EDBE4F2F29}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit symbols) (HKLM-x32\...\{E3EA5E7C-9CC4-4641-8988-D9B7B5A95E98}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (32-bit) (HKLM-x32\...\{14843392-E9B3-4031-BCF6-FC00D5791AA8}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit debug) (HKLM-x32\...\{E35569AC-7C2B-446D-B356-098136E7DFFD}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit symbols) (HKLM-x32\...\{933E1EE6-4186-475E-B4BE-B8DD733E9F29}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AE89BB1E-1C06-4556-AA05-A6628DE07BA9}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit debug) (HKLM-x32\...\{3A8E1A30-6897-4E20-95A4-65D8BFF60415}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit symbols) (HKLM-x32\...\{A2FBB4D9-5DC2-4409-BA6F-9D5A9D0D5669}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (32-bit) (HKLM-x32\...\{63208505-67AD-4AAC-BD7B-00DE5B83BAF0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (32-bit) (HKLM-x32\...\{6CF91DC2-CED3-410B-88BB-E048C994AA1A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R.A.W. - Realms of Ancient War (HKLM-x32\...\R.A.W. - Realms of Ancient War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roblox Player for Abdal (HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
RogueKiller version 12.12.12.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.12.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Rules of Survival version 1.140497.141609 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.140497.141609 - Hong Kong Netease Interactive Entertainment Limited)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
Scratch 2 Offline Editor (HKLM-x32\...\{7CD894B0-306F-6177-ECDD-B81E06BA4C83}) (Version: 255 - Massachusetts Institute of Technology) Hidden
Screenleap (HKLM-x32\...\{F5358512-741D-44AB-B397-121E5B2DBC90}) (Version: 13.3 - Screenleap, Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.24.9651 - SoftEther VPN Project)
SQL Server 2017 Analysis Services (HKLM\...\{318D7429-28C1-4F0A-B9DE-A25F0D1FA5CA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Analysis Services (HKLM\...\{5B485C7F-A833-40C1-9080-1A2F30CEB4E2}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{6CE9A8AA-C478-4706-BD28-95993D52B5A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{D17B5D3D-3BC7-4AFA-AD90-600B5453826E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Data quality service (HKLM\...\{85583F70-5D51-4A6A-A896-F51E190E35FB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Data quality service (HKLM\...\{93B2CA2D-9E55-447C-8AC8-E7CB81F8CC0E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Full text search (HKLM\...\{C37AD300-12CF-4911-9019-A05D66055EB4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{6BD8D100-B16C-409E-B0EA-BF508D7874EC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{91C5EE43-29D1-4720-AB65-5E2E0FE25990}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{6492E746-1C5D-48C2-A92A-97D431F74664}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{70C24F35-7E36-45FC-B289-3D2849E5556B}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Data Quality Common (HKLM\...\{CC2BCB9E-24C0-4681-B2E7-80B0DBC6211E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{1B8CFC46-1F08-4DA7-9FEA-E1F523FBD67F}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{F8ADD24D-F2F2-465C-A675-F12FDB70DB82}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{CC6997A7-1638-4E38-B6CF-E776997036B0}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{4DDEB555-26D2-4E68-98AF-8F96232C13F2}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{CFCC9F40-E234-499E-B3DA-BEF6CC724C35}) (Version: 14.0.17213.0 - Microsoft Corporation) Hidden
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Taskbar Hide (HKLM-x32\...\Taskbar Hide) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5640 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Cursed Crusade (HKLM-x32\...\The Cursed Crusade_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tora (64 bit) (HKLM\...\{2C4A5817-F077-4D45-A155-82DDFCBBBD80}) (Version: 3.2.82.0 - TOra)
Trine 3: The Artifacts of Power (HKLM-x32\...\Trine 3: The Artifacts of Power_is1) (Version:  - )
Trinus AIOVR version 0.5.1 (HKLM-x32\...\{C5AC423D-84AC-45D8-B304-5A369C17D392}}_is1) (Version: 0.5.1 - Odd Sheep SL)
TrinusVR version 2.1.5 (HKLM-x32\...\{A66AD08F-FC5B-4583-9A7D-4636F5637B2C}_is1) (Version: 2.1.5 - Odd Sheep SL)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
UCheck version 2.3.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.3.0 - Adlice Software)
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unreal Development Kit: 2012-07 (HKLM\...\UDK-e108ef83-9abb-45d0-9ea2-78326e772eac) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - )
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Viscera Cleanup Detail (HKLM-x32\...\Viscera Cleanup Detail_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - AMD (amdkmpfd) System  (10/19/2017 17.50.0.0000) (HKLM\...\03B6CE97C907E6AC5322B429A93FD7F521E139FE) (Version: 10/19/2017 17.50.0.0000 - AMD)
Windows Driver Package - Cypress Semiconductor, Inc (cykbfltrService) Keyboard  (06/24/2015 2.5.1.72) (HKLM\...\1ECD12B803C107D8EDB315C6205B99B9E2265F43) (Version: 06/24/2015 2.5.1.72 - Cypress Semiconductor, Inc)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (12/14/2017 24.12.0.4) (HKLM\...\BCC38687BCFA2BC66E715AF3F36ABE30D5E0F413) (Version: 12/14/2017 24.12.0.4 - ELAN SMBus)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel (ICCWDT) System  (09/19/2017 11.7.0.1000) (HKLM\...\EEBA6EE175220DFB953515EBCFE35388B3811FA5) (Version: 09/19/2017 11.7.0.1000 - Intel)
Windows Driver Package - Intel (MEIx64) System  (01/16/2018 1803.12.0.1093) (HKLM\...\92903FEBE6DB7EE9B14CE034036E874FC1057826) (Version: 01/16/2018 1803.12.0.1093 - Intel)
Windows Driver Package - Intel Corporation (btmaux) BluetoothAuxiliary  (10/26/2017 20.20.0.2) (HKLM\...\EC18A039BBF142EB6AA1520888C9CA5546AAA6A4) (Version: 10/26/2017 20.20.0.2 - Intel Corporation)
Windows Driver Package - Intel hdc  (07/31/2013 9.5.0.1005) (HKLM\...\CFD986494125AFC7A58F5213B3FBFC32A051F5A8) (Version: 07/31/2013 9.5.0.1005 - Intel)
Windows Driver Package - INTEL System  (11/11/2017 10.1.1.44) (HKLM\...\78D370C32F6AEE963334E22E0E03A513FA752E53) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - INTEL System  (11/11/2017 10.1.1.44) (HKLM\...\ADCB706DCCD57F65A9DE792095F987C072853C9B) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - INTEL USB  (11/11/2017 10.1.1.44) (HKLM\...\6272235361BC75B12CD9F3E84F7335BC4D0C77CA) (Version: 11/11/2017 10.1.1.44 - INTEL)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device  (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (01/26/2018 15.11.28.184) (HKLM\...\28290D444D77F367B00F958125C128F40BB6C0D8) (Version: 01/26/2018 15.11.28.184 - Lenovo)
Windows Driver Package - LXD Company (HidUsb) HIDClass  (01/26/2013 21.8.1.319) (HKLM\...\CAAE11D4E4DF0C6208A674299DF9A85B6A5B30A7) (Version: 01/26/2013 21.8.1.319 - LXD Company)
Windows Driver Package - Qualcomm Atheros Communications (AthBTPort) BluetoothVirtual  (06/22/2016 4.0.0.688) (HKLM\...\01069D6802A68D1F83307E6BCAE2264CE16C91D4) (Version: 06/22/2016 4.0.0.688 - Qualcomm Atheros Communications)
Windows Driver Package - Realtek (rt640x64) Net  (01/19/2018 10.025.0119.2018) (HKLM\...\05E54C8BB51CAF1C3D957DBB29D9AEE097CD139E) (Version: 01/19/2018 10.025.0119.2018 - Realtek)
Windows Driver Package - Realtek Camera  (03/14/2018 10.0.16299.20029) (HKLM\...\64B5871FE2B085CBFAF78C83F865F19AD2617E13) (Version: 03/14/2018 10.0.16299.20029 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RTSUER) USB  (02/27/2018 10.0.16299.31241) (HKLM\...\2ED8ED7B356FF47FC213BB75680723BA40A8DDCA) (Version: 02/27/2018 10.0.16299.31241 - Realtek Semiconductor Corp.)
Windows Driver Package - Surface Battery  (05/23/2017 1.2.28.0) (HKLM\...\CAAD91B24DF4F14E41EF0AE59A69DE74F30A641F) (Version: 05/23/2017 1.2.28.0 - Surface)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wirecast (HKLM\...\{AE5F5637-A698-4ED2-87A3-F520A563DDBF}) (Version: 7.6.0 - Telestream LLC)
Wireshark 2.4.4 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.4 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Filmora(Build 8.0.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Workflow Manager Client 1.0 (HKLM\...\{199C6892-5DED-409B-88B2-3BE6421552B2}) (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{E1F79421-EC32-437F-8525-ABE902C85AC5}) (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Worms Reloaded - Game of the Year Edition (HKLM-x32\...\Worms Reloaded - Game of the Year Edition_is1) (Version:  - )
XSplit Broadcaster (HKLM-x32\...\{EAF6A5D2-2F0E-48B3-AAAC-D609C9CE6A86}) (Version: 3.2.1711.2907 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939746906-1252596266-2071687770-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-12-05] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-14] (AO Kaspersky Lab)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2018-01-24] (Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-04-14] (AO Kaspersky Lab)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DE6BEA6-A9CD-4A24-8ECE-A1CF25AFC1ED} - System32\Tasks\{5AB2BBCC-22B1-FACC-36D3-162889AE9C17} => C:\Program Files (x86)\Common Files\oEslOk.exe [2017-09-29] (Microsoft Corporation)
Task: {111FD19A-7F3C-4453-9CD1-31FE6605C471} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {144194D1-2205-4389-ACC9-BBEBB34E94BD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {14E5AE29-CBAC-4C51-A191-D99E3447D130} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0080fd25-99ea-4d41-984b-95f263d2f305 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {17FDB31D-6307-4D0A-99A4-FCC297F167E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {2F3DC70B-ECF0-4C59-B806-0B154081C3C5} - \MailRuUpdater -> No File <==== ATTENTION
Task: {3A727130-4DD4-4346-9FB8-184304C72BE6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-01] (Microsoft Corporation)
Task: {511BA8B8-8F1D-4A9B-B8B0-AB40BE0C5C2B} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-04-04] (Garena Online )
Task: {570A78C3-B083-499F-B125-957D6428A3C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {66496D6E-0E9D-4435-9207-C5F5EA9749B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-01] (Microsoft Corporation)
Task: {7603A4EC-16AC-4B93-AEDA-4024598BBEB3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2d9ea82d-4397-49ce-b93c-6bdfc3a2f058 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {9CF14C59-384F-429E-BB9C-33EB045DEB85} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a309b27d-4c10-4693-b0f8-ab90a1730cb0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {A84E586B-ACD4-4594-A452-6C7757101628} - System32\Tasks\{A4868951-1ED3-CB4F-0679-660CA04102AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://jijitel.net/cl/?guid=184n4izi0f5ey61t1n4q1jbhpsddti5k&prid=1&pid=5_1301_98496
Task: {B97E74A6-6794-4BA1-AEB0-5D94EB9757EA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2135c60f-b2b2-4866-b559-24cce9ecefc8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {BBEC1DA4-9118-438A-8279-B60D63DCFE7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-17] (Google Inc.)
Task: {C84FB0D0-E1F2-465E-881D-3B80912C570E} - System32\Tasks\{B7A3252A-FB84-9B70-FCD5-67A07442DD1A} => C:\Windows\SysWOW64\iyAEYCAn.exe [2017-09-29] (Microsoft Corporation)
Task: {D244BBCC-D8F9-4530-A410-60E76AA5C195} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-17] (Google Inc.)
Task: {D9E01480-2E1D-4B99-B9C1-C61A55043CA1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-09-29 15:41 - 2017-09-29 15:41 - 000419840 _____ () c:\windows\system32\SSDM.dll
2017-12-10 07:34 - 2012-08-31 15:03 - 000288768 _____ () C:\Windows\System32\HP1100LM.DLL
2017-12-10 07:34 - 2012-08-31 15:02 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2018-01-20 22:57 - 2015-01-30 11:03 - 000037672 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2018-01-20 22:57 - 2015-01-30 11:03 - 000166696 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2018-03-01 14:51 - 2018-03-01 14:51 - 008901800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2018-03-16 22:33 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-16 22:33 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-24 03:15 - 2018-03-24 03:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 03:15 - 2018-03-24 03:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-24 03:15 - 2018-03-24 03:20 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-24 03:15 - 2018-03-24 03:19 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-24 03:15 - 2018-03-24 03:16 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-10 01:46 - 2018-01-10 01:46 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2018-01-10 01:46 - 2018-01-10 01:46 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2018-01-20 22:57 - 2015-01-30 11:03 - 000043304 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2018-01-20 22:57 - 2015-01-30 11:04 - 000036136 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2018-01-20 22:57 - 2015-01-27 15:34 - 000159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2017-12-05 23:20 - 2017-12-05 23:20 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-10-13 08:46 - 2017-10-13 08:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libprotobuf-lite.dll
2018-04-04 14:45 - 2018-04-04 14:45 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libs\gxx_pipe_engine.dll
2018-04-04 14:45 - 2018-04-04 14:45 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\libs\FSFileSytem.dll
2018-04-11 22:10 - 2018-04-11 22:10 - 016533472 _____ () D:\Online\ros\ros.exe
2018-03-25 00:45 - 2018-03-02 15:05 - 002097480 _____ () D:\Online\ros\NtUniSdkMpayOversea.dll
2018-03-25 01:12 - 2018-01-16 12:18 - 000191336 _____ () C:\Users\Abdal\AppData\Roaming\CC\ccipc.dll
2018-03-25 00:45 - 2018-01-16 12:18 - 000682344 _____ () D:\Online\ros\ccmini\AudioEngine.dll
2018-03-25 00:45 - 2018-01-16 12:18 - 001188200 _____ () D:\Online\ros\ccmini\AudioCC.dll
2018-03-25 00:45 - 2018-01-16 12:18 - 000354664 _____ () D:\Online\ros\ccmini\AudioCore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Program Files (x86)\Netsparker:{32006F00-6E00-5600-5800-5A0050006200} [620]
AlternateDataStreams: C:\Program Files (x86)\Netsparker:{38003100-6600-3700-6C00-300078003900} [192]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\AirDroid:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Allavsoft:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Assassin's Creed Revelations:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Bandicam:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Banished:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\BlackSquad:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\BloodKnights:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FIFA 08:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\FreeReign:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\KoeiTecmo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\KONAMI:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Leapdroid:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Mikogo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\My ISO Files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\MyEtherWallet:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Netsparker:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\SQL Server Management Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Tunngle:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Visual Studio 2015:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\WindowsPowerShell:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Abdal\OneDrive\Documents\Wondershare Filmora:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2018-04-21 00:29 - 000005824 _____ C:\Windows\system32\Drivers\etc\hosts

There are 126 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abdal\OneDrive\Desktop\backs\37.jpg
HKU\S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AVP18.0.0 => 2
MSCONFIG\Services: CG6Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DSAService => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FastbootService => 2
MSCONFIG\Services: GarenaPlatform => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: ImControllerService => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: klvssbridge64_18.0.0 => 3
MSCONFIG\Services: KMS-R@1n => 2
MSCONFIG\Services: KSDE2.0.0 => 2
MSCONFIG\Services: Lenovo OKO Service => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LHDeleteOnRestartSvc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MEmusvc => 2
MSCONFIG\Services: Mikogo-Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: OKOControlSvc => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PDFescape Desktop => 3
MSCONFIG\Services: PDFescape Desktop Creator => 2
MSCONFIG\Services: PinnacleUpdateSvc => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: Win10PDFPrinting => 2
MSCONFIG\Services: WindscribeService => 2
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "USB Gamepad"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Win10PDF"
HKLM\...\StartupApproved\Run32: => "FxSound Enhancer"
HKLM\...\StartupApproved\Run32: => "chrome"
HKLM\...\StartupApproved\Run32: => "XPE"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\StartupFolder: => "GameRanger.lnk"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Google Updater"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A87E0604F90DEBC18D61BDF62CF57B38"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Mikogo"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Screenleap"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "ExpressVPN4"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "MicrosoftRuntime"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "Voobly"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{34BB6FDE-D525-4592-A393-1F3E2F8EF480}D:\online\ros\ros.exe] => (Allow) D:\online\ros\ros.exe
FirewallRules: [UDP Query User{A013245F-1F86-49BE-AEF0-EE41A6758362}D:\online\ros\ros.exe] => (Allow) D:\online\ros\ros.exe
FirewallRules: [TCP Query User{6BF9D593-057C-4BBB-8439-BC9C62A89144}D:\online\ros\ccmini\ccmini.exe] => (Allow) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{EAB15BA9-997A-460A-BC8C-9E0BEFAA01FD}D:\online\ros\ccmini\ccmini.exe] => (Allow) D:\online\ros\ccmini\ccmini.exe
FirewallRules: [{2DC7FE83-6B7E-4152-A5AD-7F0922AD3D2B}] => (Allow) D:\Online\Steam\Steam.exe
FirewallRules: [{D8F84E0D-3BA1-4066-AFD0-C55BA51CBCE1}] => (Allow) D:\Online\Steam\Steam.exe
FirewallRules: [{11BD655E-0D49-4AA9-81DF-18926277179D}] => (Allow) D:\Online\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{64F9B570-66F7-44B5-ADC4-BB1B58907EFC}] => (Allow) D:\Online\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A741C67A-E350-4005-9012-C164DFE5D32A}] => (Allow) D:\Online\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D5F4B327-08A7-46CB-A19E-BB4EC9CA26D9}] => (Allow) D:\Online\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{FC75E2CF-ABE5-4C86-92EB-910C9BACA3B2}D:\online\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\online\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{AA557C49-53D2-44A3-BDBC-A6FF0200ADBC}D:\online\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\online\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [TCP Query User{7AC869E8-6138-49E9-BD9D-3E5938F606B6}C:\users\abdal\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\abdal\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{57E4B978-6020-4013-AFCD-979BE1DD5198}C:\users\abdal\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\abdal\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{E49FA48D-6705-486E-A7ED-D927140B7286}E:\offline games\csgo\csgo.exe] => (Allow) E:\offline games\csgo\csgo.exe
FirewallRules: [UDP Query User{C66F686B-DE3C-4036-9A8D-D0294B1A2312}E:\offline games\csgo\csgo.exe] => (Allow) E:\offline games\csgo\csgo.exe
FirewallRules: [TCP Query User{745DC95B-E69C-421D-ADF2-D679DB956FC6}D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{F96A1F76-3364-4CBF-AD85-379D5FD17697}D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\online\epicgames\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{2A4DDDF1-3EB5-47D2-B71F-CD579B7B2302}D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{7C106BE9-3F02-4368-B56F-FF56A8EEEC5A}D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\online\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{31DDE920-8053-4C9C-AB61-CFF447ECD483}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{939AF9B2-F0FC-4B0D-B3A4-0C1397D21266}D:\online\riotgames\lol\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\online\riotgames\lol\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{124B3D5C-EB3C-44B5-821F-66884C1ABFE1}D:\online\riotgames\lol\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) D:\online\riotgames\lol\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{81E0E29B-8F2D-406C-836B-EA5C3385FA1F}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{7AF16062-3E22-4342-9840-DB416A3EA8F0}] => (Allow) D:\Online\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{15C94BF6-3492-4B07-BA61-2D3813650212}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8FABED65-660B-49AE-A58C-C19EB23270E6}] => (Allow) C:\Windows\SysWOW64\iyAEYCAn.exe
FirewallRules: [{A5738BBC-29D0-48A2-9539-406853D2021A}] => (Allow) C:\Program Files (x86)\Common Files\oEslOk.exe
FirewallRules: [{CF330547-FEC1-4591-8B58-0CA2E637952A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{87006709-BB77-44BB-8E9F-83AD82BC8E2A}C:\program files (x86)\shareit technologies\shareit\shareit.exe] => (Allow) C:\program files (x86)\shareit technologies\shareit\shareit.exe
FirewallRules: [UDP Query User{7721A2D2-444D-4481-AA39-FE1E3C13DE4B}C:\program files (x86)\shareit technologies\shareit\shareit.exe] => (Allow) C:\program files (x86)\shareit technologies\shareit\shareit.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2018 04:28:00 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/23/2018 04:27:59 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).

Error: (04/23/2018 04:21:04 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/23/2018 04:21:04 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).

Error: (04/23/2018 04:13:53 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/23/2018 04:13:53 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).

Error: (04/21/2018 09:28:29 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (04/21/2018 09:28:29 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA\mac.mdf for file number 1.  OS error: 2(The system cannot find the file specified.).


System errors:
=============
Error: (04/23/2018 04:47:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/23/2018 04:30:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: 2018-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4093112).

Error: (04/23/2018 04:26:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/23/2018 04:26:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (04/23/2018 04:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/23/2018 04:19:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (04/23/2018 04:14:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (04/23/2018 04:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 67%
Total physical RAM: 8110.94 MB
Available physical RAM: 2653.22 MB
Total Virtual: 10030.94 MB
Available Virtual: 4131.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.17 GB) (Free:3.25 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:58.75 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:43.4 GB) NTFS

\\?\Volume{23680329-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 23680329)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:40 PM

Posted 23 April 2018 - 01:56 PM

  • Highlight the entire content of the quote box below.

Start::
2018-04-21 00:26 - 2018-04-21 00:26 - 000003910 _____ C:\Windows\System32\Tasks\{A4868951-1ED3-CB4F-0679-660CA04102AB}
2018-04-21 00:26 - 2018-04-21 00:26 - 000003766 _____ C:\Windows\System32\Tasks\{B7A3252A-FB84-9B70-FCD5-67A07442DD1A}
2018-04-21 00:26 - 2018-04-21 00:26 - 000003594 _____ C:\Windows\System32\Tasks\{5AB2BBCC-22B1-FACC-36D3-162889AE9C17}
Task: {0DE6BEA6-A9CD-4A24-8ECE-A1CF25AFC1ED} - System32\Tasks\{5AB2BBCC-22B1-FACC-36D3-162889AE9C17} => C:\Program Files (x86)\Common Files\oEslOk.exe [2017-09-29] (Microsoft Corporation)
Task: {A84E586B-ACD4-4594-A452-6C7757101628} - System32\Tasks\{A4868951-1ED3-CB4F-0679-660CA04102AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://jijitel.net/cl/?guid=184n4izi0f5ey61t1n4q1jbhpsddti5k&prid=1&pid=5_1301_98496
Task: {C84FB0D0-E1F2-465E-881D-3B80912C570E} - System32\Tasks\{B7A3252A-FB84-9B70-FCD5-67A07442DD1A} => C:\Windows\SysWOW64\iyAEYCAn.exe [2017-09-29] (Microsoft Corporation)
C:\Users\Abdal\Downloads\vcA2.rar
C:\82ace7d6-0197-474d-bf4b-a2043e72329b
Task: {2F3DC70B-ECF0-4C59-B806-0B154081C3C5} - \MailRuUpdater -> No File <==== ATTENTION
Task: {2F3DC70B-ECF0-4C59-B806-0B154081C3C5} - \MailRuUpdater -> No File <==== ATTENTION
Task: {A84E586B-ACD4-4594-A452-6C7757101628} - System32\Tasks\{A4868951-1ED3-CB4F-0679-660CA04102AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://jijitel.net/cl/?guid=184n4izi0f5ey61t1n4q1jbhpsddti5k&prid=1&pid=5_1301_98496
HKU\S-1-5-21-2939746906-1252596266-2071687770-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A87E0604F90DEBC18D61BDF62CF57B38"
FirewallRules: [{A5738BBC-29D0-48A2-9539-406853D2021A}] => (Allow) C:\Program Files (x86)\Common Files\oEslOk.exe
FirewallRules: [{8FABED65-660B-49AE-A58C-C19EB23270E6}] => (Allow) C:\Windows\SysWOW64\iyAEYCAn.exe
HOSTS:
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
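Added example, not part of the post above and not code from FRST: a small triage script that cross-references two sections of an FRST log and reports executables that are both launched by a scheduled task whose name is a bare GUID and covered by a firewall Allow rule. The sample lines are excerpted from the log and fixlist on this page; the function name `correlate` and the heuristic itself are assumptions of this example, not the helper's stated method.

```python
import re
from ntpath import normcase  # Windows path rules on any host OS

# Excerpt of FRST lines taken from the log and fixlist on this page.
SAMPLE = r"""
Task: {0DE6BEA6-A9CD-4A24-8ECE-A1CF25AFC1ED} - System32\Tasks\{5AB2BBCC-22B1-FACC-36D3-162889AE9C17} => C:\Program Files (x86)\Common Files\oEslOk.exe [2017-09-29] (Microsoft Corporation)
Task: {C84FB0D0-E1F2-465E-881D-3B80912C570E} - System32\Tasks\{B7A3252A-FB84-9B70-FCD5-67A07442DD1A} => C:\Windows\SysWOW64\iyAEYCAn.exe [2017-09-29] (Microsoft Corporation)
Task: {2F3DC70B-ECF0-4C59-B806-0B154081C3C5} - \MailRuUpdater -> No File <==== ATTENTION
FirewallRules: [{2DC7FE83-6B7E-4152-A5AD-7F0922AD3D2B}] => (Allow) D:\Online\Steam\Steam.exe
FirewallRules: [{15C94BF6-3492-4B07-BA61-2D3813650212}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8FABED65-660B-49AE-A58C-C19EB23270E6}] => (Allow) C:\Windows\SysWOW64\iyAEYCAn.exe
FirewallRules: [{A5738BBC-29D0-48A2-9539-406853D2021A}] => (Allow) C:\Program Files (x86)\Common Files\oEslOk.exe
FirewallRules: [{CF330547-FEC1-4591-8B58-0CA2E637952A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Matches only tasks with an unquoted image path followed by FRST's [date] stamp;
# tasks that launch a quoted command line with arguments are not parsed here.
TASK_RE = re.compile(
    r"^Task: " + GUID + r" - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<exe>[A-Za-z]:\\.+?\.exe) \[")
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>.*?)\] => \((?P<action>\w+)\) (?P<exe>.+?)\s*$")


def correlate(log_text):
    """Return {exe: {"tasks": [...], "rules": [...]}} for executables that are
    started by a GUID-named scheduled task and also hold a firewall Allow rule."""
    tasks, rules = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m and re.fullmatch(GUID, m["name"]):
            tasks.setdefault(normcase(m["exe"]), []).append(m["name"])
            continue
        m = FW_RE.match(line)
        if m and m["action"] == "Allow":
            rules.setdefault(normcase(m["exe"]), []).append(m["rule"])
    # Paths are compared case-insensitively, as Windows does.
    return {exe: {"tasks": tasks[exe], "rules": rules[exe]}
            for exe in sorted(tasks.keys() & rules.keys())}


if __name__ == "__main__":
    for exe, hit in correlate(SAMPLE).items():
        print(exe, "| task:", ", ".join(hit["tasks"]),
              "| rule:", ", ".join(hit["rules"]))
```

A hit is a lead for manual review of the file and task, not a verdict; entries such as `msiexec.exe` and `svchost.exe` are not reported because no GUID-named task in the sample launches them.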