Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads keeps getting blocked when launching chrome


  • This topic is locked This topic is locked
2 replies to this topic

#1 ninjamushroom

ninjamushroom

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 12 June 2018 - 08:56 AM

Hi all,

 

I noticed every time i opened up chrome, Malwarebytes is blocking some ad website.

Can i check how can i permanently remove this?.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by don (administrator) on DON-PC (12-06-2018 21:58:02)
Running from C:\Users\don\Downloads
Loaded Profiles: don (Available Profiles: don)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\Chart Installer\NavService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(BitTorrent Inc.) C:\Users\don\AppData\Roaming\uTorrent\uTorrent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(BitTorrent Inc.) C:\Users\don\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\don\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mdm.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Innovative Digital Technologies) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Innovative Digital Technologies) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\don\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393200 2017-10-20] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3829328 2014-04-04] (Tonec Inc.)
HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15780840 2017-10-05] (Plex, Inc.)
Startup: C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NavService.lnk [2016-03-02]
ShortcutTarget: NavService.lnk -> C:\Program Files (x86)\Chart Installer\NavService.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1557ff4a-993a-4bc1-b38c-c059be31b8bd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a85951cd-32c4-4666-8dac-bb74bdfdb0fc}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-776239502-268334968-1693538412-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\S-1-5-21-776239502-268334968-1693538412-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-04-02] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-12-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-12-02] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-04-02] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\don\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\don\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\don\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\don\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\don\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\don\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\don\AppData\Local\Temp\f5tmp\f5syschk.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\don\AppData\Roaming\Mozilla\Firefox\Profiles\hxm7peqb.default-1493279174688 [2018-06-12]
FF Homepage: Mozilla\Firefox\Profiles\hxm7peqb.default-1493279174688 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\hxm7peqb.default-1493279174688 -> about:newtab
FF Extension: (Selenium IDE) - C:\Users\don\AppData\Roaming\Mozilla\Firefox\Profiles\hxm7peqb.default-1493279174688\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2017-12-02] [Legacy]
FF HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\don\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\don\AppData\Roaming\IDM\idmmzcc5 [2014-04-06] [Legacy] [not signed]
FF HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\don\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\don\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-02-01] [Legacy]
FF HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\don\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-12-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-12-02] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components\npIPcamCloud.dll [2015-12-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2016-12-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-776239502-268334968-1693538412-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\don\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=101702cr
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\don\AppData\Local\Google\Chrome\User Data\Default [2018-06-12]
CHR Extension: (Docs) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-06-11]
CHR Extension: (IDM Integration Module) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-27]
CHR Extension: (Ace Script) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-25]
CHR HKU\S-1-5-21-776239502-268334968-1693538412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-04-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 FosIPCameraPluginService; C:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [190352 2018-03-29] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-22] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2091496 2017-10-05] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2016-12-08] (F5 Networks, Inc.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2014-09-12] (Sony Mobile Communications)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-06-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-06-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-06-12] (Malwarebytes)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [45776 2016-12-08] (F5 Networks, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-12 21:56 - 2018-06-12 21:56 - 002413056 _____ (Farbar) C:\Users\don\Downloads\FRST64 (1).exe
2018-06-12 19:07 - 2018-06-12 19:07 - 000000000 ____D C:\Users\don\AppData\LocalLow\uTorrent
2018-06-09 17:51 - 2018-06-09 17:51 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-03 18:46 - 2018-06-08 09:13 - 000000000 ____D C:\Users\don\Downloads\Tomb.Raider.2018.720p.BluRay.H264.AAC-RARBG
2018-06-03 18:45 - 2018-06-03 18:45 - 000029732 _____ C:\Users\don\Downloads\Tomb.Raider.2018.720p.BluRay.H264.AAC-RARBG-[rarbg.to].torrent
2018-06-02 09:56 - 2018-06-02 09:56 - 000006656 _____ C:\Users\don\Downloads\CC_TXN_History_02062018095735.xls
2018-06-02 09:54 - 2018-06-02 09:54 - 000009728 _____ C:\Users\don\Downloads\CC_TXN_History_02062018095449.xls
2018-06-02 09:52 - 2018-06-02 09:52 - 000001471 _____ C:\Users\don\Downloads\TransactionHistory_20180602095304.csv
2018-05-29 09:01 - 2018-05-29 09:01 - 014499461 _____ C:\Users\don\Downloads\FI9821P V3 (1).zip
2018-05-24 22:41 - 2018-05-24 22:42 - 014499461 _____ C:\Users\don\Desktop\FI9821P V3_3.zip
2018-05-24 22:40 - 2018-05-24 22:40 - 014499461 _____ C:\Users\don\Downloads\FI9821P V3.zip
2018-05-24 22:37 - 2018-05-24 22:37 - 034273197 _____ C:\Users\don\Downloads\FI9831P V2.zip
2018-05-24 22:36 - 2018-05-24 22:36 - 000586236 _____ C:\Users\don\Downloads\FI9831P V2 Patch.zip
2018-05-24 22:27 - 2018-05-24 22:27 - 009062641 _____ C:\Users\don\Downloads\FI9821P.zip
2018-05-23 21:35 - 2018-05-23 21:35 - 070494633 _____ C:\Users\don\Downloads\IMG_7961.MOV
2018-05-19 15:37 - 2018-05-19 15:37 - 000000000 ____D C:\Users\don\AppData\Roaming\NaclFosSdkLog
2018-05-19 15:32 - 2018-05-19 15:32 - 001456867 _____ C:\Users\don\Downloads\SearchTool v1.0.0.7.zip
2018-05-19 15:32 - 2018-01-05 15:18 - 003079680 _____ C:\Users\don\Desktop\IPCamera.exe
2018-05-19 08:21 - 2018-05-19 08:21 - 000442679 _____ C:\Users\don\Downloads\Zoo & River Safari Dual-park Pass.pdf
2018-05-14 16:23 - 2018-05-14 16:23 - 000001417 _____ C:\Users\don\Desktop\Microsoft Edge.lnk
2018-05-14 16:23 - 2018-05-14 16:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-14 16:20 - 2018-05-14 16:20 - 000000020 ___SH C:\Users\don\ntuser.ini
2018-05-14 16:19 - 2018-06-12 21:45 - 000004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F0ED4BB-DDB3-4C10-8749-5ACA6F31BFA9}
2018-05-14 16:19 - 2018-06-12 20:00 - 000005182 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DON-PC-don DON-PC
2018-05-14 16:19 - 2018-06-12 19:13 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2018-05-14 16:19 - 2018-06-09 17:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-14 16:19 - 2018-05-19 15:29 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-14 16:19 - 2018-05-19 15:29 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-14 16:19 - 2018-05-14 16:20 - 000002936 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-776239502-268334968-1693538412-1001
2018-05-14 16:19 - 2018-05-14 16:19 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-776239502-268334968-1693538412-1001
2018-05-14 16:19 - 2018-05-14 16:19 - 000002762 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DON-PC-don
2018-05-14 16:19 - 2018-05-14 16:19 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-14 16:19 - 2018-05-14 16:19 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-05-14 16:19 - 2018-05-14 16:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-05-14 16:18 - 2018-05-14 16:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-14 16:18 - 2018-05-14 16:19 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-14 16:10 - 2018-06-09 18:21 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-14 16:01 - 2018-05-14 16:01 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-14 15:58 - 2018-05-14 16:20 - 000000000 ____D C:\Users\don
2018-05-14 15:58 - 2018-05-14 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-14 15:58 - 2018-04-12 07:34 - 000001105 _____ C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-14 15:58 - 2016-10-03 20:36 - 000000000 ____D C:\Users\don\AppData\Roaming\ATI
2018-05-14 15:58 - 2016-10-03 20:36 - 000000000 ____D C:\Users\don\AppData\Local\ATI
2018-05-14 15:57 - 2018-05-14 15:57 - 000000000 ____D C:\ProgramData\USOShared
2018-05-14 15:56 - 2018-04-12 07:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-14 15:53 - 2018-06-12 21:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 15:53 - 2018-05-14 16:04 - 005052912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-13 19:27 - 2018-06-12 20:40 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-13 19:27 - 2018-06-09 17:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-13 19:27 - 2018-06-09 17:51 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-13 19:27 - 2018-03-31 09:10 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-13 19:27 - 2018-01-18 08:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-13 19:24 - 2018-05-15 07:52 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-13 19:20 - 2018-05-13 19:24 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-13 19:13 - 2018-05-13 19:13 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-13 19:13 - 2018-05-13 19:13 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-13 19:12 - 2018-05-13 19:12 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-13 19:12 - 2018-05-13 19:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-13 19:11 - 2018-05-13 19:12 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-13 19:11 - 2018-05-13 19:11 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-13 19:11 - 2018-05-13 19:11 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-13 19:11 - 2018-05-13 19:11 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-13 19:11 - 2018-05-13 19:11 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-13 19:11 - 2018-05-13 19:11 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-13 19:11 - 2018-05-13 19:11 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-13 18:54 - 2018-05-13 18:54 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-13 18:54 - 2018-05-13 18:54 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-13 18:54 - 2018-05-13 18:54 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-13 18:54 - 2018-05-13 18:54 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-13 18:54 - 2018-05-13 18:54 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-13 18:54 - 2018-05-13 18:54 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-13 18:54 - 2018-05-13 18:54 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-13 18:54 - 2018-05-13 18:54 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-13 18:34 - 2018-05-13 18:34 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-13 17:22 - 2018-05-14 16:21 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-12 21:59 - 2017-04-25 21:45 - 000024884 _____ C:\Users\don\Downloads\FRST.txt
2018-06-12 21:58 - 2017-04-25 21:44 - 000000000 ____D C:\FRST
2018-06-12 21:58 - 2014-07-17 19:48 - 000000000 ____D C:\Users\don\AppData\Roaming\uTorrent
2018-06-12 21:42 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-12 19:09 - 2014-04-08 20:17 - 000000000 ____D C:\Users\don\AppData\Local\Adobe
2018-06-12 19:08 - 2017-04-30 09:31 - 000000000 ____D C:\Users\don\AppData\Roaming\.ACEStream
2018-06-12 19:05 - 2017-09-11 16:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-12 19:05 - 2015-08-17 20:40 - 000000000 __SHD C:\Users\don\IntelGraphicsProfiles
2018-06-11 07:44 - 2014-04-06 18:02 - 000000000 ____D C:\Users\don\AppData\Roaming\DMCache
2018-06-10 07:18 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-09 17:51 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-09 17:49 - 2018-04-12 05:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-09 17:49 - 2017-09-11 16:01 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-09 14:11 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-09 14:09 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 09:13 - 2018-04-30 10:34 - 000000000 ____D C:\Users\don\Downloads\Bleeding.Steel.2017.1080p.WEB-DL.DD5.1.H264-FGT
2018-06-08 09:13 - 2018-04-13 07:27 - 000000000 ____D C:\Users\don\Downloads\Maze.Runner.The.Death.Cure.2018.720p.BluRay.H264.AAC-RARBG
2018-06-08 09:13 - 2018-03-09 20:47 - 000000000 ____D C:\Users\don\Downloads\Downsizing.2017.720p.BluRay.H264.AAC-RARBG
2018-06-08 09:13 - 2018-03-09 20:46 - 000000000 ____D C:\Users\don\Downloads\Jumanji.Welcome.to.the.Jungle.2017.720p.BluRay.H264.AAC-RARBG
2018-06-08 09:13 - 2018-03-01 19:24 - 000000000 ____D C:\Users\don\Downloads\Thor.Ragnarok.2017.720p.BluRay.H264.AAC-RARBG
2018-06-08 09:13 - 2018-02-14 20:30 - 000000000 ____D C:\Users\don\Downloads\Justice.League.2017.720p.WEBRip.XviD.MP3-bleepBOX
2018-06-06 07:29 - 2018-04-12 07:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 07:29 - 2018-04-12 07:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-02 09:57 - 2018-02-03 12:57 - 000000000 ____D C:\Users\don\AppData\Local\Packages
2018-05-31 19:29 - 2018-02-03 13:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-29 09:00 - 2016-02-06 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPCWebComponents
2018-05-29 09:00 - 2016-02-06 16:35 - 000000000 ____D C:\Program Files (x86)\IPCWebComponents
2018-05-25 21:52 - 2014-04-12 20:34 - 000000000 ____D C:\Users\don\AppData\Roaming\vlc
2018-05-25 17:00 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-24 22:42 - 2014-04-06 18:02 - 000000000 ____D C:\Users\don\Downloads\Compressed
2018-05-18 15:38 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-18 15:32 - 2014-04-06 15:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 15:32 - 2014-04-06 15:31 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 07:52 - 2018-04-12 07:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\InputMethod
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-15 07:52 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-15 07:52 - 2018-03-31 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-15 07:52 - 2017-12-02 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-05-15 07:52 - 2017-11-03 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-05-15 07:52 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-15 07:52 - 2017-09-11 16:00 - 000000000 ____D C:\Program Files\Intel
2018-05-15 07:52 - 2017-06-16 20:52 - 000000000 ____D C:\Program Files\UNP
2018-05-15 07:52 - 2017-04-13 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-15 07:52 - 2016-12-08 21:19 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2018-05-15 07:52 - 2016-04-27 14:21 - 000000000 ____D C:\WINDOWS\ShellNew
2018-05-15 07:52 - 2016-03-02 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chart Installer
2018-05-15 07:52 - 2016-02-06 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foscam Web Components
2018-05-15 07:52 - 2015-12-11 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-15 07:52 - 2015-12-11 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2018-05-15 07:52 - 2015-11-07 07:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-05-15 07:52 - 2015-05-07 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2018-05-15 07:52 - 2014-11-26 19:13 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-05-15 07:52 - 2014-10-17 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel
2018-05-15 07:52 - 2014-10-17 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS Utility
2018-05-15 07:52 - 2014-09-23 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-15 07:52 - 2014-08-13 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-15 07:52 - 2014-06-12 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2018-05-15 07:52 - 2014-05-30 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-05-15 07:52 - 2014-05-01 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-15 07:52 - 2014-04-18 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-05-15 07:52 - 2014-04-15 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-05-15 07:52 - 2014-04-12 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-15 07:52 - 2014-04-08 20:30 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-05-15 07:52 - 2014-04-06 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-15 07:52 - 2014-04-06 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-15 07:52 - 2014-04-06 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-15 07:52 - 2014-04-06 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-15 07:52 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-05-15 07:52 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-05-15 07:51 - 2018-04-12 07:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-14 18:07 - 2016-10-05 20:15 - 000000000 ____D C:\Users\don\AppData\Local\ConnectedDevicesPlatform
2018-05-14 16:21 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-14 16:21 - 2017-10-23 21:50 - 000000000 ___RD C:\Users\don\3D Objects
2018-05-14 16:21 - 2016-04-27 14:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-14 16:20 - 2018-04-12 05:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-14 16:19 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-14 16:18 - 2017-12-02 08:15 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2018-05-14 16:11 - 2018-04-12 07:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-14 16:10 - 2015-08-17 20:28 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-14 16:03 - 2017-04-30 09:29 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2018-05-14 16:03 - 2014-09-27 21:35 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
2018-05-14 16:03 - 2014-06-15 18:56 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MkvConvert
2018-05-14 16:03 - 2014-04-06 18:02 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-14 16:03 - 2014-04-06 18:01 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-14 16:03 - 2014-04-06 17:06 - 000000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2018-05-14 15:58 - 2017-09-11 16:01 - 000000000 ____D C:\Program Files\AMD
2018-05-14 15:57 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-14 15:57 - 2014-04-06 17:03 - 000000000 ____D C:\AMD
2018-05-14 15:56 - 2017-09-11 16:01 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-14 15:56 - 2017-09-11 16:00 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-13 19:33 - 2018-04-12 07:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-13 19:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-13 19:24 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\OCR
2018-05-13 19:24 - 2018-02-03 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2018-05-13 19:24 - 2017-09-11 16:01 - 000000000 ____D C:\Program Files\Realtek
2018-05-13 19:24 - 2017-09-11 16:01 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-13 19:24 - 2014-11-24 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2018-05-13 19:15 - 2018-04-12 17:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-13 19:15 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-13 19:15 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-13 18:54 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-13 18:54 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
 
==================== Files in the root of some directories =======
 
2015-06-14 17:39 - 2015-06-14 17:39 - 000000874 _____ () C:\Users\don\AppData\Local\recently-used.xbel
2015-04-07 22:04 - 2015-04-07 22:04 - 000007606 _____ () C:\Users\don\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-14 15:53
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by don (12-06-2018 21:59:40)
Running from C:\Users\don\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-14 08:20:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-776239502-268334968-1693538412-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-776239502-268334968-1693538412-503 - Limited - Disabled)
don (S-1-5-21-776239502-268334968-1693538412-1001 - Administrator - Enabled) => C:\Users\don
Guest (S-1-5-21-776239502-268334968-1693538412-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-776239502-268334968-1693538412-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-776239502-268334968-1693538412-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Ace Stream Media 3.1.16.1 (HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\AceStream) (Version: 3.1.16.1 - Ace Stream Media) <==== ATTENTION
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
Any Video Converter 6.2.1 (HKLM-x32\...\Any Video Converter) (Version: 6.2.1 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.8.0 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2016.1208.2234 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chart Installer (HKLM-x32\...\Chart Installer 1.0.0.103) (Version: 1.0.0.103 - Navionics)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foscam Web Components 2.1.2.4065 (HKLM-x32\...\{97FD518A-EA1F-4B44-B7D7-890164D6B22E}_is1) (Version: 2.1.2.4065 - FOSCAM)
Foxit PhantomPDF Business (HKLM-x32\...\{9652BE97-2650-4491-8336-79FBFB002287}) (Version: 6.1.2.1227 - Foxit Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPSBabel 1.5.1 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
GPSU version 5.20 (HKLM-x32\...\GPS Utility_is1) (Version:  - )
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPCWebComponents 5.1.0.7 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 5.1.0.7 - FOSCAM)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MkvConvert (HKLM-x32\...\AF48FE06-FF11-4EBA-BC93-58E6DA5FB3A3) (Version: 3.4 - Jb2kred Solutions)
MKVToolNix 8.0.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 8.0.0 - Moritz Bunkus)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PhoneTrans 3.9.0 (HKLM-x32\...\{F0B50B3A-0C1F-43D8-BE90-70241B473114}}_is1) (Version: 3.9.0 - iMobie Inc.)
Plex Media Server (HKLM-x32\...\{56A684B4-7DF7-46A2-A28D-20FBC13C3FEB}) (Version: 1.9.4325 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{90e1b3d6-298c-4b85-907e-d78697e00393}) (Version: 1.9.4.4325 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
Stopping Plex (HKLM-x32\...\{44BBE2BA-A279-42A1-BD53-58C962E71F88}) (Version: 1.9.4325 - Plex, Inc.) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Update for CHS Microsoft IME HAP Dictionary (HKLM\...\{50822466-5571-4B7A-B3FC-A58760DDAEE9}) (Version: 16.0.1560.1 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-03-28] (Tonec Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-10] (Foxit Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-04-05] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-04-05] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-04-05] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-04-05] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {129E173F-EC49-4DDA-9155-FC5F2E6905F7} - System32\Tasks\AdobeAAMUpdater-1.0-DON-PC-don => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {16B69F61-3DE5-41AA-BEE1-2056B20FA1AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {1C32BA55-7096-4BDB-8753-3DB9AB4D9346} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6DE8F671-2994-4F4A-A1A3-B02F4D137B31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {71D5FAE1-5B4B-43BB-A07C-6A03D430E543} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {848B82D4-9DE4-440D-BE78-B09635913B55} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {86757409-0865-44BC-AE2D-EB4CE97C90D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A4407388-4A40-41F2-BE34-DB9FC62E02CC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DON-PC-don DON-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {A8354D78-637A-453B-9C1A-F40D5265B421} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB87ECB5-5B7C-40E8-876E-DA688ED48C6B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {AC623B66-E5C4-4490-AFE2-AD9F9C57BCE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {BDB7523F-9357-4B63-AA87-20732B6A2B7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {C017234A-3E7D-4892-B305-5A40D70591D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DC7EA1CD-912D-4C19-A83F-18931E628436} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E6BAD595-FB33-4AD4-8853-C8B120E677C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E9943C3C-A0F6-473D-B373-21B12D48744D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-10-20] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-03-31 09:09 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-31 09:09 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-06-12 21:17 - 2005-04-22 12:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-29 09:00 - 2018-03-29 21:38 - 000190352 _____ () C:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe
2013-10-17 11:25 - 2013-10-17 11:25 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-12 07:35 - 2018-04-12 17:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 18:46 - 2018-05-22 18:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 18:46 - 2018-05-22 18:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-22 18:46 - 2018-05-22 18:46 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-22 18:46 - 2018-05-22 18:46 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-06-01 18:45 - 2018-06-01 18:45 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-05-26 18:21 - 2018-05-26 18:21 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-05-26 18:21 - 2018-05-26 18:21 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-27 08:21 - 2017-09-27 08:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-26 18:21 - 2018-05-26 18:21 - 009358848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntPlat.dll
2015-12-11 18:21 - 2015-07-27 21:46 - 000592384 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext_x64.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 000306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-03-02 19:10 - 2016-02-18 20:24 - 000070904 _____ () C:\Program Files (x86)\Chart Installer\NavService.exe
2018-06-09 14:08 - 2018-06-09 14:08 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 14:08 - 2018-06-09 14:08 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-06 19:42 - 2017-10-06 19:43 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 20:04 - 2018-05-30 20:06 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 20:04 - 2018-05-30 20:08 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-27 22:21 - 2018-04-27 22:22 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-04-05 17:57 - 2018-04-05 17:58 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-30 20:04 - 2018-05-30 20:09 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-06-09 14:08 - 2018-06-09 14:08 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 20:04 - 2018-05-30 20:05 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 14:08 - 2018-06-09 14:08 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 20:04 - 2018-05-30 20:08 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 20:04 - 2018-05-30 20:09 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 20:04 - 2018-05-30 20:09 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 14:08 - 2018-06-09 14:09 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-18 15:32 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-18 15:32 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2015-10-16 18:02 - 2015-10-16 18:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-11-07 21:00 - 2018-03-29 21:39 - 000127880 _____ () C:\Program Files (x86)\IPCWebComponents\WebSocketLib.dll
2014-06-12 21:17 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-10-05 13:36 - 2017-10-05 13:36 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-10-05 13:36 - 2017-10-05 13:36 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-03-20 23:48 - 2017-03-20 23:48 - 000329216 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 000038400 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 000720896 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000287232 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-04-16 20:27 - 2015-04-16 20:27 - 000018944 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000093696 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000152576 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2015-11-07 20:14 - 2015-11-07 20:14 - 002977792 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 000167424 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 000110080 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 000035840 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2014-01-23 19:37 - 2014-01-23 19:37 - 000036352 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 000098816 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-08 00:38 - 2012-02-08 00:38 - 000358912 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 000111616 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 000024064 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2015-04-16 20:27 - 2015-04-16 20:27 - 002386432 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2017-03-20 23:38 - 2017-03-20 23:38 - 003137536 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 000053248 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000106496 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 000040448 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000011776 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 000334336 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-02-13 23:02 - 2011-02-13 23:02 - 000031232 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2017-03-21 00:24 - 2017-03-21 00:24 - 005573632 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000057344 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000635392 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll
2016-05-09 03:48 - 2016-05-09 03:48 - 000014848 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd
2010-10-11 06:23 - 2010-10-11 06:23 - 000723968 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 000082944 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 000981504 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 000746496 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 000670720 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 000966144 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 000674816 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000688128 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2017-01-15 08:56 - 2017-01-15 08:56 - 000264296 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2015-04-16 20:29 - 2015-04-16 20:29 - 000112142 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2015-04-16 20:29 - 2015-04-16 20:29 - 000061952 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 000028672 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 000066048 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2016-12-30 16:18 - 2016-12-30 16:18 - 000283648 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd
2016-09-27 23:42 - 2016-09-27 23:42 - 000350720 _____ () C:\Users\don\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd
2017-01-18 20:51 - 2017-01-18 20:51 - 000165216 _____ () C:\Users\don\AppData\Roaming\ACEStream\player\libtsplayer.dll
2017-01-18 20:51 - 2017-01-18 20:51 - 001968480 _____ () C:\Users\don\AppData\Roaming\ACEStream\player\libtsplayercore.dll
2015-10-16 18:02 - 2015-10-16 18:02 - 000039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\nhg.com.sg -> hxxps://intouch2.nhg.com.sg
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-04-08 20:23 - 2018-01-26 20:50 - 000001351 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 keystone.mwbsys.com 
0.0.0.0 cdn.mbamupdates.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-776239502-268334968-1693538412-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8CBAB934-1E43-4B39-8710-D7E1882D4F88}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{5BA91D9A-EF03-4626-A323-C3C1F1986CF8}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [UDP Query User{1D359AA9-727C-47FC-BE7A-1F42C085DC92}C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{ECAEC096-3D4F-463B-813A-30D6D2680474}C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{E7D7873E-B7D8-4A3C-A425-D6C3E9EB4F0E}] => (Allow) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{ECBE78B1-5438-453A-BC71-C72F09A6BA85}] => (Allow) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [UDP Query User{FCB769A2-D6BB-4694-B1C9-EF766A2EE439}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{3A2843E1-1C05-4BEA-BBB4-268917A9A0BC}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{5C744596-5E5D-471A-AB3E-A4122D260BB1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8950C02B-0D07-4F45-9779-02606C125528}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A18A45E2-B1AC-46B6-8782-EF5A6F2E9110}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FFF8CA8C-216C-4991-92E4-9708343D8A9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{5EB09238-FC58-4064-BAB2-BFBBDCF252D2}E:\03_equipment search tool\for windows os\equipment search tool.exe] => (Allow) E:\03_equipment search tool\for windows os\equipment search tool.exe
FirewallRules: [TCP Query User{18E0FA64-83ED-48F8-AB67-C58098F03DA2}E:\03_equipment search tool\for windows os\equipment search tool.exe] => (Allow) E:\03_equipment search tool\for windows os\equipment search tool.exe
FirewallRules: [{B059BB7A-016D-4993-A9F6-1C502EE028A4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B6F0B3E9-2C4F-4642-95BA-89E581C84D00}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6FDAC441-4534-4B56-962A-F5C8C4159B7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19A11028-C6D6-46BD-AEA0-66B420D4B3A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B51E664A-04D2-4DCA-BCF8-E125C9B96A06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{126DE06D-733E-40C9-A09A-D6836EBC0941}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D83D1AFA-7C3F-4ED4-AEF2-5A08F7E9B752}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{714E9EC0-7A08-4C00-A6B3-6767EA00EDB9}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{74B2F6B9-9CF8-47EA-BDFB-C9F1C20A6E5F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{67EC119D-3F47-44D6-9923-82FF7D341F2E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{81F29464-5E56-416F-913C-0AE6FBAA348D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F070B7CB-BFEA-49BB-82E0-A90E8456A338}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A9500B13-D6F9-4886-9398-EEF385B5004C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4CD52275-E3DB-4D2B-8296-53F35B63F423}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F194E443-32A4-4BEE-9008-B2F3FEC85939}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D13B575E-DA20-4273-AB42-10C63E39C120}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [TCP Query User{1418C618-EC0F-4C6A-B18E-44AA98C6E287}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{984FE2BD-A373-4DC7-9738-9C931556AD61}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AA6BB60B-1B77-407B-965D-7A1A60A5420D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{77E337CC-4B53-4C9F-9F6E-AC2CFE59018F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{677718A8-2EF9-4159-A1E4-75036F28E6DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{31B2CE89-6AC2-4DF8-AC03-8374965AEE87}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DF687184-C8EC-4E81-9EF3-17A91BBE8710}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{8D1457E6-7F8C-4979-988F-7C1D5CAB7F7E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{9F5C7215-B9A1-4EA3-985C-84376E39B708}] => (Allow) LPort=54925
FirewallRules: [{FB60C0A9-9E39-481E-9A94-1E53D69E40E6}] => (Allow) C:\Users\don\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E2FF50C-4D0A-43CF-A3F4-7D049F081782}] => (Allow) C:\Users\don\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2F66236B-845E-4B6B-853D-8A34BC4227F5}C:\users\don\downloads\programs\qvodsetup5.exe] => (Block) C:\users\don\downloads\programs\qvodsetup5.exe
FirewallRules: [UDP Query User{DA800279-F098-40DE-8D6E-BEDBDAC45EAD}C:\users\don\downloads\programs\qvodsetup5.exe] => (Block) C:\users\don\downloads\programs\qvodsetup5.exe
FirewallRules: [TCP Query User{7F364A12-A090-4E1B-B92D-E18CDB97127A}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{E75AA4CF-FF46-4CC1-A728-005330967A5E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [{BACDF82D-BF64-41DA-ACB5-2287C3705617}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{984478C6-1B35-4E4D-B5D7-FA685C33E35C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BB0E4D7A-2DC2-4F52-A9B3-B47742C2526D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0FF76F24-B2E3-420E-8CC9-E402BE65F0BF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D44290FB-38E5-42EC-AD5B-1AF8593B7CEE}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{F52A7312-B576-490C-9883-66D84D8800B3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{FA91FFA0-DF4E-4F9D-B05C-C133A7F8CE33}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{09627670-B525-4B09-BF44-F169DBC7D88E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [TCP Query User{13CFD052-C435-4DA3-A801-F0BC9AABFA25}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{85F4C7E5-541C-4BFD-A7B6-559BC29B5FA6}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{4FF2653E-8A6A-4D66-9831-7125ABD4BD2D}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{61D157D4-04C5-4371-BDB7-B62F04C7414B}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{37895C8B-05F7-49F4-BB7F-ACD851C3F668}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{519734A5-C5F4-4F62-AC06-A6F8C45E89B4}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{510D743F-471E-418D-BDC0-F30F77E53316}C:\tmp\iedriverserver.exe] => (Allow) C:\tmp\iedriverserver.exe
FirewallRules: [UDP Query User{C791C43A-BD3A-4C64-B58D-B424E998CA0F}C:\tmp\iedriverserver.exe] => (Allow) C:\tmp\iedriverserver.exe
FirewallRules: [{CEF0B37A-8CC5-427B-B8C3-CBB24347B824}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BBEC460E-AE43-41A5-9C8F-68F2DCAF202F}C:\users\don\desktop\ipcamera.exe] => (Allow) C:\users\don\desktop\ipcamera.exe
FirewallRules: [UDP Query User{EDF45DBD-ED13-4915-A618-B34219B57497}C:\users\don\desktop\ipcamera.exe] => (Allow) C:\users\don\desktop\ipcamera.exe
FirewallRules: [TCP Query User{BBC77AC7-7F6C-40E4-B71C-FB8D2948215A}C:\program files (x86)\ipcwebcomponents\ipcplg.exe] => (Allow) C:\program files (x86)\ipcwebcomponents\ipcplg.exe
FirewallRules: [UDP Query User{E231813D-DA4C-4D7F-84F0-304CBB321172}C:\program files (x86)\ipcwebcomponents\ipcplg.exe] => (Allow) C:\program files (x86)\ipcwebcomponents\ipcplg.exe
 
==================== Restore Points =========================
 
25-05-2018 17:42:29 Scheduled Checkpoint
01-06-2018 19:17:27 Scheduled Checkpoint
09-06-2018 14:08:44 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2018 08:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 22a0
 
Start Time: 01d40242af07e688
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: ba6b9b24-5158-4f3a-8109-6291bfadd7ca
 
Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (06/12/2018 07:09:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
 
System errors:
=============
Error: (06/12/2018 09:50:36 PM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/12/2018 09:43:58 PM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/12/2018 07:07:39 PM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/12/2018 07:06:31 PM) (Source: DCOM) (EventID: 10001) (User: DON-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca as Unavailable/Unavailable. The error:
"298"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
 
Error: (06/11/2018 07:44:18 AM) (Source: DCOM) (EventID: 10010) (User: DON-PC)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca did not register with DCOM within the required timeout.
 
Error: (06/11/2018 07:40:23 AM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 07:39:13 AM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 07:35:46 AM) (Source: DCOM) (EventID: 10016) (User: DON-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DON-PC\don SID (S-1-5-21-776239502-268334968-1693538412-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-06-10 18:12:27.107
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Wpakill!rfn
ID: 2147692452
Severity: High
Category: Tool
Path: containerfile:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar;file:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar->Windows 10 Pro RS3 v.1709.16299.309 En-us x64 March2018 V.2 Pre-Activated-=TEAM OS=-\en_win_10_pro_rs3_1709.16299.309_x64.iso->\sources\$OEM$\$$\SETUP\SCRIPTS\Re-LoaderByR@1n.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.1000.0, AS: 1.269.1000.0, NIS: 1.269.1000.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-06-10 18:12:27.094
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: containerfile:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar;file:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar->Windows 10 Pro RS3 v.1709.16299.309 En-us x64 March2018 V.2 Pre-Activated-=TEAM OS=-\en_win_10_pro_rs3_1709.16299.309_x64.iso->\sources\$OEM$\$1\Users\Public\Desktop\Aktivator!!!\Ra1nAct1vat0r_v10RC8_16072017.rar->Ra1nAct1vat0r_v10RC8_16072017\Activator.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.1000.0, AS: 1.269.1000.0, NIS: 1.269.1000.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-06-09 17:49:21.458
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {17B0EBFF-2B84-42D4-9FB5-779337E31E52}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-09 17:27:20.927
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AE7EFF1-74ED-4AA5-A471-FD71AC1878CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-02 08:33:13.350
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Wpakill!rfn
ID: 2147692452
Severity: High
Category: Tool
Path: containerfile:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar;file:_C:\Users\don\Desktop\Windows 10 Pro Rs3 V.1709.16299.309 En-us X64 March2018 V.2 Pre-activated.rar->Windows 10 Pro RS3 v.1709.16299.309 En-us x64 March2018 V.2 Pre-Activated-=TEAM OS=-\en_win_10_pro_rs3_1709.16299.309_x64.iso->\sources\$OEM$\$$\SETUP\SCRIPTS\Re-LoaderByR@1n.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.456.0, AS: 1.269.456.0, NIS: 1.269.456.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
CodeIntegrity:
===================================
 
Date: 2018-05-27 07:36:52.429
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-27 07:36:52.390
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-26 14:44:56.071
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-26 14:44:56.071
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-25 16:55:22.626
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-25 16:55:22.624
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-23 18:32:42.997
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-23 18:32:42.874
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 8072.66 MB
Available physical RAM: 3448.69 MB
Total Virtual: 11114.98 MB
Available Virtual: 2123.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.33 GB) (Free:118.07 GB) NTFS
Drive d: (Personal) (Fixed) (Total:1863.01 GB) (Free:400.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{5a3e01e5-bd5b-11e3-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{536d63c6-0000-0000-0000-f0aae8000000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 536D63C6)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=861 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: FBA042B5)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Files


Edited by ninjamushroom, 12 June 2018 - 09:05 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:41 PM

Posted 13 June 2018 - 07:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Ace Stream Media 3.1.16.1 (HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\AceStream) (Version: 3.1.16.1 - Ace Stream Media) <==== ATTENTION
<<<>>>

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Innovative Digital Technologies) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Innovative Digital Technologies) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF HKU\S-1-5-21-776239502-268334968-1693538412-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\don\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\don\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-02-01] [Legacy]
FF Plugin HKU\S-1-5-21-776239502-268334968-1693538412-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\don\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=101702cr
CHR Extension: (Ace Script) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-12]
CHR HKU\S-1-5-21-776239502-268334968-1693538412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

Task: {E9943C3C-A0F6-473D-B373-21B12D48744D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-10-20] ()
FirewallRules: [UDP Query User{1D359AA9-727C-47FC-BE7A-1F42C085DC92}C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{ECAEC096-3D4F-463B-813A-30D6D2680474}C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\don\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{E7D7873E-B7D8-4A3C-A425-D6C3E9EB4F0E}] => (Allow) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{ECBE78B1-5438-453A-BC71-C72F09A6BA85}] => (Allow) C:\Users\don\AppData\Roaming\ACEStream\engine\ace_engine.exe

C:\Windows\System32\Tasks\AutoKMS
C:\WINDOWS\AutoKMS

C:\Users\don\AppData\Roaming\ACEStream\

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

If adds are still being blocked by MBAM check this out.
Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Please post the logs and let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:41 PM

Posted 19 June 2018 - 08:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users