
A very strange virus or failed MS update



#1 hw_g


Posted 16 April 2018 - 10:53 PM

Hello,
 
Last night everything was running perfectly. I only had Firefox open and was on the internet watching YouTube videos and on Facebook. I closed down the program and shut down the machine before going to bed. When I woke up this morning and turned on the PC, all my desktop icons were different! They had moved, half of them were gone and my recycle bin was full of files. Programs and files were missing which I did not delete. Then when I opened up Firefox EVERYTHING was gone! All my bookmarks, which were at least 10 years of research, and all my history were gone. I never delete history and no one uses this machine but me. What has happened? Is this a nasty virus?
 
Here is my FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by roe (administrator) on MININT-VMD2VAN (16-04-2018 19:07:52)
Running from \\NAS1\media\Applications\Backup material for Dell 4-16-2018
Loaded Profiles: roe &  (Available Profiles: roe) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Farbar) \\NAS1\media\Applications\Backup material for Dell 4-16-2018\FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-02-06] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [416_175010231671] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [512 2018-04-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-10-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-10-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\TEMP\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5597A09-EA09-4DA6-BA7D-F3C18DB797A3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155538327 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155559910 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155538888 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155600570 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Handler: ipp - No CLSID Value
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tlpx6ura.default
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\tlpx6ura.default [2018-04-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\tlpx6ura.default\features\{5eec5e4d-2de6-4b66-a1bb-543faeb01af0}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-16] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome Canary.5FNUW2REDWPRAH4USZQPBWQJJY - C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-02-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-23] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-16] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-13] ()
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
U0 aswVmm; no ImagePath
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 imbqnrju; \??\C:\Windows\system32\drivers\imbqnrju.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:19 - 2018-04-15 23:14 - 015728640 _____ C:\Users\TEMP\Desktop\places.sqlite
2018-04-16 17:15 - 2018-04-16 17:15 - 000000703 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2018-04-16 17:15 - 2018-04-16 17:15 - 000000512 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2018-04-16 16:56 - 2018-04-16 16:58 - 000000000 ____D C:\ProgramData\WRData
2018-04-16 16:53 - 2018-04-16 16:53 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2018-04-16 16:52 - 2018-04-16 17:16 - 000000000 ____D C:\Users\TEMP\AppData\Local\LogMeIn Rescue Applet
2018-04-16 16:52 - 2018-04-16 16:52 - 002185768 _____ (LogMeIn, Inc.) C:\Users\TEMP\Downloads\Support-LogMeInRescue.exe
2018-04-16 16:26 - 2018-04-16 16:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\TeamViewer
2018-04-16 16:18 - 2018-04-16 16:18 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-16 16:18 - 2018-04-16 16:18 - 000001037 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-16 16:18 - 2018-04-16 16:18 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\TeamViewer
2018-04-16 16:16 - 2018-04-16 16:16 - 020367104 _____ (TeamViewer GmbH) C:\Users\TEMP\Downloads\TeamViewer_Setup.exe
2018-04-16 15:52 - 2018-04-16 16:59 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-16 15:52 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-16 15:51 - 2018-04-16 15:51 - 073446016 _____ (Malwarebytes ) C:\Users\TEMP\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4756.exe
2018-04-16 11:43 - 2018-04-16 11:43 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\WinRAR
2018-04-16 11:27 - 2018-04-16 18:07 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2018-04-16 11:27 - 2018-04-16 11:31 - 000000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2018-04-16 11:27 - 2018-04-16 11:27 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2018-04-16 11:24 - 2018-04-16 11:24 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Sun
2018-04-16 11:24 - 2018-04-16 11:24 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Sun
2018-04-16 11:20 - 2018-04-16 11:20 - 000000000 ____D C:\Users\TEMP\AppData\Local\Intuit
2018-04-16 11:19 - 2018-04-16 16:36 - 000108608 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-16 11:19 - 2018-04-16 11:26 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Canon
2018-04-16 11:19 - 2018-04-16 11:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Apple Computer
2018-04-16 11:18 - 2018-04-16 11:18 - 000001419 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-16 11:18 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2018-04-16 11:18 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2018-04-16 11:17 - 2018-04-16 11:17 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2018-04-16 11:16 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP
2018-04-16 11:16 - 2018-04-16 11:16 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2018-04-16 11:16 - 2010-11-21 00:16 - 000000000 ___HD C:\Users\TEMP\AppData\Roaming\Media Center Programs
2018-04-14 10:51 - 2018-03-30 19:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 19:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-14 10:51 - 2018-03-30 19:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-14 10:51 - 2018-03-30 19:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-14 10:51 - 2018-03-30 19:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-14 10:51 - 2018-03-30 18:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-14 10:51 - 2018-03-30 18:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-14 10:51 - 2018-03-30 18:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 18:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-14 10:51 - 2018-03-30 18:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-14 10:51 - 2018-03-30 18:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-14 10:51 - 2018-03-30 17:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-14 10:51 - 2018-03-30 17:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-14 10:51 - 2018-03-30 17:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-14 10:51 - 2018-03-28 00:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-14 10:51 - 2018-03-23 11:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-14 10:51 - 2018-03-23 10:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-14 10:51 - 2018-03-22 16:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 14:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-14 10:51 - 2018-03-22 14:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-14 10:51 - 2018-03-22 14:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-14 10:51 - 2018-03-22 14:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 14:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-14 10:51 - 2018-03-22 14:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 14:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-14 10:51 - 2018-03-22 14:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 14:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-14 10:51 - 2018-03-22 14:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 14:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 13:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-14 10:51 - 2018-03-22 13:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-14 10:51 - 2018-03-22 13:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-14 10:51 - 2018-03-22 13:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 13:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 13:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-14 10:51 - 2018-03-22 13:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 13:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 13:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-14 10:51 - 2018-03-22 13:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-14 10:51 - 2018-03-22 13:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-14 10:51 - 2018-03-22 13:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-14 10:51 - 2018-03-22 13:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-14 10:51 - 2018-03-22 12:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-14 10:51 - 2018-03-22 12:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-14 10:51 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-14 10:51 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-14 10:51 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-14 10:51 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-14 10:51 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-12 07:53 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-12 07:53 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-12 07:53 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-12 07:39 - 2018-04-12 07:39 - 000000000 ____D C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-31 13:39 - 2018-03-31 13:40 - 293312529 _____ C:\Users\roe\Downloads\CutYourCravings.com.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 19:07 - 2014-09-11 17:52 - 000000000 ____D C:\FRST
2018-04-16 19:04 - 2015-06-17 18:23 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job
2018-04-16 18:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-16 18:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-16 17:24 - 2009-07-13 22:13 - 000801124 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 17:24 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-16 16:20 - 2012-03-25 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-16 15:52 - 2014-09-11 05:19 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-16 15:52 - 2013-01-20 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 11:45 - 2012-01-26 15:06 - 000000376 _____ C:\Windows\ODBC.INI
2018-04-16 11:17 - 2015-03-04 18:24 - 000000000 ____D C:\ProgramData\VMware
2018-04-16 11:16 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-15 23:15 - 2017-05-12 16:42 - 000000000 ____D C:\Users\roe\AppData\Roaming\Yahoo Messenger
2018-04-15 13:37 - 2016-11-18 08:36 - 000000000 ____D C:\Users\roe\AppData\LocalLow\Mozilla
2018-04-15 11:53 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-04-15 11:07 - 2012-01-06 09:00 - 000000000 ____D C:\ProgramData\Sonic
2018-04-15 11:04 - 2009-07-13 21:45 - 000424464 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-15 11:00 - 2018-02-15 09:31 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-14 21:55 - 2013-08-14 21:11 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 21:45 - 2017-10-11 19:47 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 21:45 - 2012-01-30 13:26 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 08:04 - 2015-06-17 18:23 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job
2018-04-12 07:39 - 2014-10-29 09:12 - 000000000 ____D C:\Users\roe\AppData\Roaming\Dropbox
2018-04-10 16:44 - 2018-03-14 08:50 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 16:44 - 2012-07-30 09:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 16:44 - 2012-07-10 21:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 16:44 - 2012-01-26 14:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 16:44 - 2012-01-26 14:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 16:44 - 2012-01-26 14:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-09 07:54 - 2016-11-30 21:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-09 07:54 - 2014-06-09 18:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-08 18:13 - 2017-10-25 17:50 - 000000979 _____ C:\Users\roe\Desktop\PotPlayer 64 bit.lnk
2018-03-31 13:09 - 2013-02-19 10:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-28 11:38 - 2015-06-17 18:23 - 000000000 ____D C:\Users\roe\AppData\Local\Dropbox
2018-03-23 20:38 - 2018-02-03 20:28 - 000000000 ____D C:\Users\roe\AppData\Local\JDownloader v2.0
2018-03-23 14:25 - 2012-03-11 19:24 - 000002421 _____ C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 14:25 - 2012-03-11 19:24 - 000002384 _____ C:\Users\roe\Desktop\Google Chrome.lnk
2018-03-20 16:57 - 2016-05-15 21:09 - 000002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 16:57 - 2016-05-15 21:09 - 000002108 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-02-12 15:55 - 2012-02-12 15:55 - 038808920 _____ (Microsoft Corporation) C:\Users\roe\FileFormatConverters.exe
2018-04-16 17:15 - 2018-04-16 17:15 - 000000703 _____ () C:\Program Files (x86)\LMIR0002.tmp.bat
2018-04-16 17:15 - 2018-04-16 17:15 - 000000512 _____ () C:\Program Files (x86)\LMIR0002.tmp_r.bat

Some files in TEMP:
====================
2018-02-03 20:24 - 2018-02-03 20:24 - 001411636 _____ (Tulofeh                                                     ) C:\Users\roe\AppData\Local\Temp\13162188278645998187.exe
2017-09-19 16:55 - 2017-09-19 16:55 - 000290304 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2016-10-29 10:50 - 2016-10-29 10:50 - 000737856 _____ (Oracle Corporation) C:\Users\roe\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-30 12:52 - 2016-06-30 12:52 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\roe\AppData\Local\Temp\libeay32.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000970912 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\msvcr120.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 _____ () C:\Users\roe\AppData\Local\Temp\proxy_vole3374764832993152694.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 ____N () C:\Users\roe\AppData\Local\Temp\proxy_vole7998529427446338251.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000772672 _____ () C:\Users\roe\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 10:49

==================== End of FRST.txt ============================
 
Here is the addition file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by roe (16-04-2018 19:26:24)
Running from \\NAS1\media\Applications\Backup material for Dell 4-16-2018
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-26 20:50:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1927623987-4140155028-186429215-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1927623987-4140155028-186429215-1006 - Limited - Enabled)
Guest (S-1-5-21-1927623987-4140155028-186429215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1927623987-4140155028-186429215-1004 - Limited - Enabled)
roe (S-1-5-21-1927623987-4140155028-186429215-1003 - Administrator - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ File Recovery 10 (HKLM-x32\...\{3CC0667D-93D8-40F9-8614-1A02C20411BE}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.5.2.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Download Manager (HKLM-x32\...\Download Manager) (Version:  - WiseDownloads)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malware Hunter Suite version 4.26.12.4815 (HKLM-x32\...\Malware Hunter Suite_is1) (Version: 4.26.12.4815 - Malware Hunter Suite)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{6E586250-4F69-44AC-8502-153592B01033}) (Version: 8.3.59 - Nero AG)
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.10667 - Kakao Corp.)
PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.1.24 - Intuit)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SuperBird version 33.0.1750.12 (HKLM-x32\...\{057C6E61-96A1-4502-B00D-E52A5F7E50E9}_is1) (Version: 33.0.1750.12 - )
SupportSoft Agent Controls (HKLM-x32\...\{D0BC2DE7-CA1D-41DA-B096-68695B4AC5C3}) (Version: 1.02.0006 - SupportSoft)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.6.64.0 - 2BrightSparks)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
VdhCoApp 1.0.10 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.1.0 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.0 - VMware, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
WinSCP 3.6.7 (HKLM-x32\...\winscp3_is1) (Version: 3.6.7 - Martin Prikryl)
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-02-06] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-02-06] (VMware, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers4-x32: [DiskInternals_Uneraser] -> {0AF221E8-29B6-46EB-B420-DC696F042596} => C:\Program Files (x86)\DiskInternals\Uneraser\contmenu.dll [2005-01-15] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094959DC-7CD9-4A1C-8B35-4E260D1E22DC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {283BD316-94ED-4DFE-9070-9B29225823E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {29F6B296-E806-4B90-B3CB-63165044C58E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3F6C81A2-8DB0-46A6-9BD6-A4D5D90EABA1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {42020D79-F83E-4349-BA15-5BA0CDD68114} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {75D1F6B4-2CF0-4C70-AB19-09779510C909} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {82C4D4E4-FE1D-40E6-AD64-0D2A21DC912B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A3726D9B-857C-4A7F-AE40-29E83C00B862} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C25A2164-942F-4F56-8A90-1046C809F03A} - System32\Tasks\{DEBEF7ED-D1E4-4012-B8A4-F292FAA13F50} => C:\Windows\system32\pcalua.exe -a C:\Users\roe\Downloads\mx860swin64102ea24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CCFC23FA-5A02-4906-AF0A-BF4926D798E1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {D305AEAA-8A84-4B67-85F3-372CDA191CCD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {EF9D38BE-C4D2-433D-A088-764E8D4BE53A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-01] (AVAST Software)
Task: {F89BB78F-7C4D-418C-91CE-AF45EED0E9D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FA21289F-2D33-48CE-A77E-648428408D0B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 012730048 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2012-01-06 10:23 - 2011-01-27 06:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-04-16 15:52 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-16 15:52 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 000098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-09 20:20 - 2011-10-20 12:47 - 000193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-02-06 19:40 - 2015-02-06 19:40 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:9E00596C [376]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-02-14 18:50 - 000002688 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539263\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155601103\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightShot => C:\Users\roe\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02DB270C-5AF2-4BF9-B4F0-404FD13DD03A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{B30759AA-65ED-4FBE-9498-097EA4886014}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{9D8A85E1-9EF9-422C-ADCD-C92D4FECD11D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{90C08369-A3AE-4A46-BCEE-E35B6F2EE440}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F37995A6-9BF9-43F4-B756-456566E30407}] => (Allow) svchost.exe
FirewallRules: [{FE5FD8FE-B3D9-4B77-9CF2-1766E6264195}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A9657E08-4FA3-4B37-9D57-056DF014BD47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38E8CFD8-06BA-477A-9E1F-D9230328E1D8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{992FBC1F-6228-4F45-BE31-11050D0D6164}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A6CB0659-71D6-42F0-9000-B4A826D201D8}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23EB1640-6664-4E9E-BA0F-FCF1938B8BD2}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{755F1A47-52F2-465F-ABDB-1A0197B7BE6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D02871FE-A561-4783-BD04-4B3A9FA142C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{95F33A3C-A7D8-440C-888D-F56BF04402B0}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9AF2E337-7473-4E53-A021-8F219E2C9B3F}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{344E5DF7-4C11-46B7-926D-6CCD1F87E539}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{1FF7FCC5-B101-43DD-A950-B88D518678DD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5A2C344F-1CB1-4252-854A-76A3257EA9AC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C981B44F-5458-4C25-9F62-90AAAB85F409}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{C422658C-82B7-4E7E-8B13-029646DC5D81}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{32AF91DB-6F80-41B6-A5AD-B9977A1F9E7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A5240355-2638-4D00-BF61-4904418BB0B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A62DF2E-90B3-4123-8D69-DCF71E8CFE5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FEA8979-780D-4CA2-9D3B-3DAADCB8822C}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{DA7DD000-CD19-47BD-AEC5-49873BB35869}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{E5073A2F-89B6-429F-BB7D-BEAB59A3A8C0}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [UDP Query User{062C3D4A-5A87-41D7-9D07-AFF4DC6B6BD2}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [TCP Query User{678F1852-101F-4A95-BF22-88F8E444E364}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{E3A941B8-2B5F-4A86-BA49-3A9C7F78DA56}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{E8B96D11-C117-45AC-AB1D-28F1FB18DF28}] => (Allow) C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe
FirewallRules: [{C7D8CDBF-3494-4A37-9745-0F75BF92E796}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F766A6CE-9124-4C55-85FB-1C2E23EC0BC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA79DF5B-2686-4AEB-AD9D-6F36E6BC84AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{298239FD-9806-4630-B292-BE30A63E58EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{287DB61D-E062-4A64-AA3E-D402438CEB09}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DFC1E867-CDD5-4AA6-9FC3-1855EF21CBD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F2953CA2-769D-478B-9F6B-F15741745C42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{505A0864-252F-4B20-A843-EC1AF5824D79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28818685-50AA-4BA9-970B-23174BF01C6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED194ED-D25E-4F01-9A4B-63679F53CD7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

12-04-2018 20:09:13 Windows Update
14-04-2018 21:39:53 Windows Update

==================== Faulty Device Manager Devices =============

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 06:30:06 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{6f617495-388c-11e1-8b93-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/16/2018 06:29:46 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).

Error: (04/16/2018 06:28:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:23:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:19:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:04:32 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).

Error: (04/16/2018 05:54:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {328ebb11-2f6b-4df2-859e-4bdfb9d1db77}

Error: (04/16/2018 11:30:32 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.


System errors:
=============
Error: (04/16/2018 06:30:06 PM) (Source: volsnap) (EventID: 8) (User: )
Description: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.

Error: (04/15/2018 11:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/14/2018 09:55:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/13/2018 09:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/12/2018 08:10:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2018 08:46:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2018 08:46:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (04/09/2018 08:53:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 6056.63 MB
Available physical RAM: 3002.13 MB
Total Virtual: 12111.43 MB
Available Virtual: 9202.46 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:585.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.11 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 81BD192C)
Partition 1: (Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Any help would be appreciated!  Thank you!

Edited by Platypus, 17 April 2018 - 12:33 AM.
Deleted duplicates

