Hello, I think that my computer has a virus. My computer seems to be running slowly and weird tabs keep popping up.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Kids (administrator) on MISTERMAGIC (30-06-2017 19:13:28)
Running from C:\Users\Kids\Contacts\Desktop
Loaded Profiles: Kids (Available Profiles: Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
(SRecorder Company) C:\Program Files (x86)\SRecorder\SRecorder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\jmesoft\Service.exe
(© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Twitch Interactive, Inc.) C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-06-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.divx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <==== ATTENTION
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Google Update] => C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [SRecorder] => C:\Program Files (x86)\SRecorder\SRecorder.exe [444616 2014-08-06] (SRecorder Company)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-07] (Valve Corporation)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Dropbox Update] => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-16] (Dropbox, Inc.)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [BingSvc] => C:\Users\Kids\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (No File)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-03-27] ()
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-15]
ShortcutTarget: Twitch.lnk -> C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51531;https=127.0.0.1:51531
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0A66E06-343B-4876-8458-EAFC05969EE4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default [2017-06-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\zalxh0au.default ->
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\zalxh0au.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
hxxp://finance.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\zalxh0au.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Avira Browser Safety) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\
[email protected] [2017-06-06]
FF Extension: (Bing Search) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\
[email protected] [2016-09-25]
FF Extension: (Bitdefender QuickScan) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-25]
FF SearchPlugin: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\searchplugins\bing-.xml [2016-09-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @talk.google.com/O1DPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Kids\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kids\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default [2017-06-30]
CHR Extension: (From Dust) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-07-08]
CHR Extension: (Google Docs) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (Google Drive) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (YouTube) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Adblock Plus) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-15]
CHR Extension: (Bing) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-26]
CHR Extension: (Google Sheets) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-21]
CHR Extension: (Google Docs Offline) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (AdBlock) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-30]
CHR Extension: (Jojo`s Fashion Show) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbbhahgmlncagolcocmpaghklceonac [2014-09-19]
CHR Extension: (SoundCloud) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-08-17]
CHR Extension: (Little Alchemy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-08-17]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-30]
CHR HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [182304 2015-02-01] (EasyAntiCheat Ltd)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [675272 2017-05-23] (Wacom Technology, Corp.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdefix; C:\windows\System32\DRIVERS\amdefix.sys [18456 2015-07-17] (Advanced Micro Devices)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [149976 2017-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-23] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2017-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-30 19:11 - 2017-06-30 19:11 - 02440704 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
2017-06-29 21:48 - 2017-06-29 21:48 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-24 13:10 - 2017-06-24 13:11 - 04734784 _____ () C:\Users\Kids\Downloads\TechnicLauncher (3).exe
2017-06-24 13:03 - 2017-06-24 13:03 - 04734784 _____ () C:\Users\Kids\Downloads\TechnicLauncher (2).exe
2017-06-18 12:40 - 2017-06-18 12:40 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avdevprot.sys
2017-06-15 20:51 - 2017-06-15 20:51 - 00039806 _____ C:\Users\Kids\Downloads\Neon Genisis sheet music.pdf
2017-06-15 20:35 - 2017-06-15 20:36 - 02254921 _____ C:\Users\Kids\Downloads\Page 182.m4a
2017-06-13 19:34 - 2017-06-02 01:28 - 02317824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 02222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-06-13 19:34 - 2017-06-02 01:11 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-06-13 19:34 - 2017-06-02 01:11 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-06-13 19:34 - 2017-06-02 01:10 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-06-13 19:34 - 2017-06-02 01:09 - 01549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-06-13 19:34 - 2017-06-02 01:09 - 01400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-06-13 19:34 - 2017-05-16 11:19 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-06-13 19:34 - 2017-05-16 10:35 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-06-13 19:34 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-06-13 19:34 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-06-13 19:34 - 2017-05-14 13:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-06-13 19:34 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-06-13 19:34 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-06-13 19:34 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-06-13 19:34 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-06-13 19:34 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-06-13 19:34 - 2017-05-14 11:38 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-06-13 19:34 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-06-13 19:34 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-06-13 19:34 - 2017-05-12 11:27 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-06-13 19:34 - 2017-05-12 11:26 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-06-13 19:34 - 2017-05-12 11:26 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2017-06-13 19:34 - 2017-05-12 11:24 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-06-13 19:34 - 2017-05-12 11:22 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-06-13 19:34 - 2017-05-12 11:22 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-06-13 19:34 - 2017-05-12 11:07 - 04001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-06-13 19:34 - 2017-05-12 11:07 - 03945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-06-13 19:34 - 2017-05-12 11:07 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2017-06-13 19:34 - 2017-05-12 11:04 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-06-13 19:34 - 2017-05-12 11:03 - 00629760 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-06-13 19:34 - 2017-05-12 11:03 - 00313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-06-13 19:34 - 2017-05-12 10:52 - 03222528 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-06-13 19:34 - 2017-05-10 08:33 - 00091368 _____ (Microsoft Corporation) C:\windows\system32\MigAutoPlay.exe
2017-06-13 19:34 - 2017-05-10 08:29 - 14183936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-06-13 19:34 - 2017-05-10 08:29 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-06-13 19:34 - 2017-05-10 08:16 - 00091368 _____ (Microsoft Corporation) C:\windows\SysWOW64\MigAutoPlay.exe
2017-06-13 19:34 - 2017-05-10 08:14 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-06-13 19:34 - 2017-05-10 08:12 - 12880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-06-13 19:34 - 2017-05-10 07:52 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-06-13 19:34 - 2017-05-09 08:30 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-06-13 19:34 - 2017-05-09 08:29 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-06-13 19:34 - 2017-05-09 08:11 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-06-13 19:34 - 2017-05-07 08:33 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2017-06-13 19:34 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 19:34 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-06-13 19:33 - 2017-06-02 01:10 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-06-13 19:33 - 2017-06-02 01:09 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-06-13 19:33 - 2017-06-02 00:58 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:33 - 2017-06-02 00:58 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 19:33 - 2017-06-02 00:57 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-06-13 19:33 - 2017-06-02 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-06-13 19:33 - 2017-05-20 21:28 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-06-13 19:33 - 2017-05-20 21:28 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-06-13 19:33 - 2017-05-20 21:24 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-06-13 19:33 - 2017-05-20 20:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-06-13 19:33 - 2017-05-20 20:48 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-06-13 19:33 - 2017-05-20 20:48 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-06-13 19:33 - 2017-05-20 20:48 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-06-13 19:33 - 2017-05-20 20:47 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-06-13 19:33 - 2017-05-20 20:46 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-06-13 19:33 - 2017-05-20 20:42 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-06-13 19:33 - 2017-05-14 13:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-06-13 19:33 - 2017-05-14 13:46 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-06-13 19:33 - 2017-05-14 13:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-06-13 19:33 - 2017-05-14 13:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-06-13 19:33 - 2017-05-14 13:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-06-13 19:33 - 2017-05-14 13:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-06-13 19:33 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-06-13 19:33 - 2017-05-14 13:24 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-06-13 19:33 - 2017-05-14 13:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-06-13 19:33 - 2017-05-14 13:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-06-13 19:33 - 2017-05-14 13:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-06-13 19:33 - 2017-05-14 13:10 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-06-13 19:33 - 2017-05-14 13:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-06-13 19:33 - 2017-05-14 13:10 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-06-13 19:33 - 2017-05-14 12:57 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-06-13 19:33 - 2017-05-14 12:48 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 19:33 - 2017-05-14 12:47 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-06-13 19:33 - 2017-05-14 12:46 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-06-13 19:33 - 2017-05-14 12:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-06-13 19:33 - 2017-05-14 12:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-06-13 19:33 - 2017-05-14 12:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-06-13 19:33 - 2017-05-14 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-06-13 19:33 - 2017-05-14 12:36 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-06-13 19:33 - 2017-05-14 12:23 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-06-13 19:33 - 2017-05-14 12:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-06-13 19:33 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-06-13 19:33 - 2017-05-14 12:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-06-13 19:33 - 2017-05-14 12:22 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-06-13 19:33 - 2017-05-14 12:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-06-13 19:33 - 2017-05-14 12:20 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-06-13 19:33 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-06-13 19:33 - 2017-05-14 12:18 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-06-13 19:33 - 2017-05-14 12:17 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-06-13 19:33 - 2017-05-14 12:16 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-06-13 19:33 - 2017-05-14 12:15 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-06-13 19:33 - 2017-05-14 12:14 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-06-13 19:33 - 2017-05-14 12:12 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-06-13 19:33 - 2017-05-14 12:11 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-06-13 19:33 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-06-13 19:33 - 2017-05-14 12:10 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-06-13 19:33 - 2017-05-14 12:02 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-06-13 19:33 - 2017-05-14 11:57 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-06-13 19:33 - 2017-05-14 11:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 19:33 - 2017-05-14 11:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-06-13 19:33 - 2017-05-14 11:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-06-13 19:33 - 2017-05-14 11:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-06-13 19:33 - 2017-05-14 11:50 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-06-13 19:33 - 2017-05-14 11:49 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-06-13 19:33 - 2017-05-14 11:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-06-13 19:33 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-06-13 19:33 - 2017-05-14 11:39 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-06-13 19:33 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-06-13 19:33 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-06-13 19:33 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-06-13 19:33 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-06-13 19:33 - 2017-05-12 11:26 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-06-13 19:33 - 2017-05-12 11:22 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:55 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-06-13 19:33 - 2017-05-12 10:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-06-13 19:33 - 2017-05-12 10:54 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-06-13 19:33 - 2017-05-12 10:51 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-06-13 19:33 - 2017-05-12 10:50 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-06-13 19:33 - 2017-05-12 10:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-06-13 19:33 - 2017-05-12 10:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2017-06-13 19:33 - 2017-05-12 10:41 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-06-13 19:33 - 2017-05-12 10:41 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-06-13 19:33 - 2017-05-12 10:41 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-06-13 19:33 - 2017-05-12 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-06-13 19:33 - 2017-05-12 10:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 09:25 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-06-13 19:33 - 2017-05-12 08:58 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-06-13 19:33 - 2017-05-12 08:58 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-06-13 19:33 - 2017-05-10 08:28 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-06-13 19:33 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-06-13 19:33 - 2017-05-10 08:13 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-06-13 19:33 - 2017-05-10 08:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-06-13 19:33 - 2017-05-10 08:12 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-06-13 19:33 - 2017-05-10 08:00 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-06-13 19:33 - 2017-05-07 08:29 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2017-06-13 19:33 - 2017-03-30 08:03 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\rundll32.exe
2017-06-13 19:33 - 2017-03-30 07:58 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback.mp4
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback (2).mp4
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback (1).mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-30 19:13 - 2014-03-30 08:35 - 00000000 ____D C:\FRST
2017-06-30 19:12 - 2016-09-25 20:09 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Skype
2017-06-30 19:10 - 2013-03-24 20:12 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
2017-06-30 19:10 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-30 19:10 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-30 19:09 - 2016-11-18 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 19:09 - 2016-08-16 17:47 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA.job
2017-06-30 19:06 - 2016-09-25 20:08 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 19:05 - 2017-04-15 14:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-30 19:02 - 2016-11-26 08:17 - 00000000 ____D C:\Users\Kids\AppData\LocalLow\Mozilla
2017-06-30 19:02 - 2012-10-14 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-30 19:00 - 2014-07-02 23:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-30 18:57 - 2015-03-27 19:12 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Curse Client
2017-06-30 18:55 - 2015-02-28 11:59 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-30 18:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-06-30 18:49 - 2016-08-16 17:47 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core.job
2017-06-29 21:53 - 2014-09-18 07:32 - 00000000 ____D C:\Users\Kids\AppData\Local\CrashDumps
2017-06-29 21:48 - 2014-07-02 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-29 21:48 - 2014-07-02 23:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-28 13:19 - 2012-04-24 12:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 14:37 - 2012-11-26 10:03 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dropbox
2017-06-24 15:17 - 2014-08-13 00:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 15:17 - 2013-01-25 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-24 13:15 - 2015-01-31 08:59 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.technic
2017-06-24 13:01 - 2012-10-14 13:12 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2017-06-19 20:13 - 2016-09-13 07:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-18 12:40 - 2016-10-05 06:18 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avusbflt.sys
2017-06-18 12:40 - 2013-03-29 16:41 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-06-18 12:40 - 2013-03-29 16:41 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-06-17 13:04 - 2009-07-13 22:13 - 00782010 _____ C:\windows\system32\PerfStringBackup.INI
2017-06-17 13:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-06-17 08:41 - 2012-10-14 13:00 - 00803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 08:41 - 2012-10-14 13:00 - 00144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 08:41 - 2012-10-14 13:00 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 08:40 - 2012-10-14 13:00 - 00000000 ____D C:\windows\system32\Macromed
2017-06-17 08:40 - 2012-04-24 12:26 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-06-15 15:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2017-06-14 03:38 - 2013-03-12 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 03:38 - 2013-03-12 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 03:38 - 2009-07-13 21:45 - 00412424 _____ C:\windows\system32\FNTCACHE.DAT
2017-06-14 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2017-06-14 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\migwiz
2017-06-14 03:16 - 2013-03-12 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 19:10 - 2016-08-16 17:47 - 00000000 ____D C:\Users\Kids\AppData\Local\Dropbox
==================== Files in the root of some directories =======
2014-08-29 16:59 - 2014-09-07 10:23 - 0000660 _____ () C:\Users\Kids\AppData\Roaming\LiveSupport.exe_log.txt
2014-08-29 16:59 - 2014-08-29 16:59 - 0000092 _____ () C:\Users\Kids\AppData\Roaming\regsvr32.exe_log.txt
2014-02-04 21:16 - 2014-11-21 21:36 - 0021504 _____ () C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 09:17 - 2014-02-09 10:17 - 0000824 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
2014-01-29 09:17 - 2014-02-02 14:25 - 0000828 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
2014-01-29 09:21 - 2014-02-09 10:16 - 0001001 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
Some files in TEMP:
====================
2014-02-02 11:48 - 2014-08-13 00:01 - 0000000 ____D () C:\Users\Kids\AppData\Local\Temp\avgnt.exe
2013-08-04 23:15 - 2013-08-04 23:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Kids\AppData\Local\Temp\bdfilters.dll
2016-09-25 20:27 - 2016-09-25 20:27 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcProcessor.exe
2016-09-25 20:27 - 2016-09-25 20:27 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcUpdater.exe
2016-08-16 17:43 - 2016-08-16 17:43 - 0043008 _____ () C:\Users\Kids\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpht4ncu.dll
2014-05-14 03:22 - 2014-05-14 03:22 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\e6oxqekg.dll
2014-05-03 09:02 - 2009-07-13 18:15 - 0462848 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\FirewallAPI.dll
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GUR7475.exe
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GURA3FD.exe
2016-10-19 15:24 - 2016-10-19 15:24 - 0737856 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-18 16:46 - 2017-01-18 16:46 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-19 20:49 - 2017-04-19 20:49 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-03-04 15:28 - 2015-03-04 15:28 - 0561576 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u40-windows-au.exe
2014-11-21 04:17 - 2014-11-21 04:17 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\ncjewmqd.dll
2014-10-03 17:54 - 2014-10-03 17:54 - 0465408 _____ () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.2.525-native.32.dll
2014-09-01 16:21 - 2014-09-01 16:21 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.3.54-native.32.dll
2014-09-21 16:57 - 2014-11-02 18:53 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-native.32.dll
2014-03-02 13:39 - 2014-03-13 15:13 - 0918016 _____ () C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
2014-02-05 04:05 - 2014-02-05 04:05 - 0009216 _____ () C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
2014-04-27 14:16 - 2014-04-27 14:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
2014-04-30 11:52 - 2014-04-30 11:52 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
2014-04-27 14:46 - 2014-04-27 14:46 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
2014-04-29 19:45 - 2014-04-29 19:45 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
2014-04-27 20:16 - 2014-04-27 20:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
2014-05-01 18:07 - 2014-05-01 18:07 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
2014-04-28 16:14 - 2014-04-28 16:14 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
2014-04-30 12:02 - 2014-04-30 12:02 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
2014-05-01 22:38 - 2014-05-01 22:38 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
2014-04-30 17:57 - 2014-04-30 17:57 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll
2017-04-15 13:58 - 2017-04-15 13:58 - 14456872 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-24 16:24
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Kids (30-06-2017 19:16:52)
Running from C:\Users\Kids\Contacts\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-14 18:09:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1945432696-1015937987-3417527920-500 - Administrator - Disabled)
Guest (S-1-5-21-1945432696-1015937987-3417527920-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1945432696-1015937987-3417527920-1004 - Limited - Enabled)
Kids (S-1-5-21-1945432696-1015937987-3417527920-1002 - Administrator - Enabled) => C:\Users\Kids
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{271D5399-34AF-4611-BCD9-B09185B2BBE0}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.2.1111 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 2.5.0.263 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software)
Dropbox (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC) <==== ATTENTION
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft version 0.3.290 (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SRecorder (HKLM-x32\...\SRecorder_is1) (Version: 2.0.0.0 - SRecorder Company)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Techne - 1 (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\244a1e8693fd9c7e) (Version: 1.3.0.15 - ZeuX and r4wk)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.22-5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - Advanced Micro Devices, Inc System (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A928C5C-315B-49E5-AAA9-307A541ACF90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {2CF063DF-68C5-4F5E-9F23-742A29EB3BC6} - System32\Tasks\AdobeAAMUpdater-1.0-MisterMagic-Kids => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {62FD249F-EAA2-46DC-A1A7-0F9779FDEFFF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-08-16] (Dropbox, Inc.)
Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {798B20EA-3592-4F58-AF62-4B3E78D5D326} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {7BB8C16D-576B-43D4-975B-A925A5A1A8EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe <==== ATTENTION
Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {CD08F7F7-CD34-43F3-B9D5-CEC5BEA2703A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {D2DBA4BF-2D5B-4DA5-ADDA-AF1C54146154} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-08-16] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core.job => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA.job => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Kids\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
==================== Loaded Modules (Whitelisted) ==============
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-09-24 16:20 - 2016-09-24 16:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-06-28 13:19 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 13:19 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-10-21 13:38 - 2017-05-23 10:04 - 01658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 13675008 _____ () C:\Program Files (x86)\SRecorder\avcodec-53.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 00139776 _____ () C:\Program Files (x86)\SRecorder\avutil-51.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 02516992 _____ () C:\Program Files (x86)\SRecorder\avformat-53.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 00302080 _____ () C:\Program Files (x86)\SRecorder\swscale-2.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 00801600 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 01787200 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-06-13 19:14 - 2017-06-26 03:26 - 00100296 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00018888 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\select.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00019776 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00035792 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00020824 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00123856 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00694224 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01729360 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00020816 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-06-26 14:37 - 2017-06-26 03:26 - 00145864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-06-26 14:37 - 2017-06-26 03:26 - 00019408 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00116688 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-06-13 19:14 - 2017-06-26 03:26 - 00105928 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00060736 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00038712 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024528 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00392656 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-06-26 14:37 - 2017-06-26 03:26 - 00020936 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00116176 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00392512 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00124880 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00026456 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024016 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00175560 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00030160 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00043472 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00048592 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00057808 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024016 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00022336 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00082264 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00025432 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00246608 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00027488 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 03928896 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00083912 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\sip.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01826104 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01972024 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00028616 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00171336 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00042816 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00531264 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00133432 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00224064 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00207680 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00060880 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00054608 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022872 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00021848 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022872 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00349128 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00023896 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00025936 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00036296 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\librsync.dll
2017-06-26 14:37 - 2017-06-26 03:29 - 00084288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-06-13 19:14 - 2017-06-26 03:30 - 00030536 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00017864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 01631184 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-06-13 19:14 - 2017-06-26 03:30 - 00026456 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00023368 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00546104 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00357688 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-11-24 09:37 - 2016-08-19 17:12 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00110680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-10 10:28 - 2017-04-15 13:54 - 01950528 _____ () C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6CB7C06C-290A-40F1-A525-80671B9CA186}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{98CB6D8B-DB8C-446C-BD88-9988BA827108}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{687D948C-796C-4C7D-947C-DF353AA218D6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8ABC2225-1B51-404A-B3BB-4EECE5F012B7}] => (Allow) LPort=2869
FirewallRules: [{F0E1E06C-FB8B-4047-B8FC-BCE89F8215C6}] => (Allow) LPort=1900
FirewallRules: [{FF5D4BDC-1F2B-4416-949B-D06F8CD9CF34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B9E4A9CE-CC95-4982-BAA9-40B43EF2B4E6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F7D7D3D0-4E89-4296-B196-AC53A0641E88}] => (Allow) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ADA73739-86DD-4BE4-AD4A-231D8B43105D}] => (Allow) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{8BC81107-B50D-4433-8883-33AD11C90073}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{28717F9D-6D81-4E0D-BD53-F8EEAD45C236}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7DDC119A-D4B7-47E2-A7C9-04836F302B60}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CA8F0D62-A712-443C-8577-058A1E1274B5}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9FC835A9-00B1-4BD6-AC2A-64858E637E90}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3B0F5EE4-59E9-41A7-92E3-DF66D2D5306E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{AC750C32-8880-405A-8E44-7F90EB0BC0BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22703913-D0C0-40BD-88EB-3BBD75C53977}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{878C2951-FA0F-4E8D-95DF-EB76FFF08FDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE07E5DD-74A1-4585-B125-9939875EE309}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17A9B73A-43BF-421F-9ED7-FC908A8200FD}] => (Allow) LPort=8317
FirewallRules: [{111F22BA-DB79-4D59-BDA9-4FB1E7271619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{401A3AD0-001D-4F1E-9D95-A8980DE88CBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36DFB148-84B0-424E-892E-4569044333BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6CE2D809-93D1-4244-A807-6150F14A548D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B4C73A1-00ED-42C9-80A3-5B49DB9E468D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AB81EDB-4953-4060-AAA1-CFBA14056785}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A2174C1D-FE0E-494D-B8A5-27DA355562FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E7FD324D-CC3B-48BD-88E9-9F141906B9D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D7A2F173-BCA0-45FD-992D-FAC8ED556C10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{156C44F4-8E00-42BB-A625-2C19A4A73C3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C8F9E40E-982A-4A2C-B989-502B4CFECAD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{18EE7B87-F865-460E-9266-7DE1B31164CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BD975D78-5CAA-42EF-8C6D-8651E1F65800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A39E8EE1-D95F-4893-B06B-585955084FA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CC830ED9-67F2-4FA4-8F0A-452E3BB3364A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2224D0D2-4406-4AFB-8F6E-6BA47C81CFDE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{38EEE6D5-0E56-4FCB-B3F0-11733342F0AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0D43595A-5174-4992-9C3E-087A770B201C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59C94222-6054-47CA-B854-1090B96FC83D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F64EC445-7633-415C-97B6-0A33EFE12CF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1C8079E-B222-47D2-8D97-5724D9BC48E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A6026D7-302C-4480-BF96-B4207BB23E42}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA5FD1CE-E87B-4A79-8E4C-54AA84E5020B}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{20C61E05-5B1B-4F54-99D0-0A2411B2ED4F}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{86C43BE7-54A2-403B-B415-7E594E4A01D0}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{49CFDB60-CAF2-4AD3-A0FB-8DF4DAD1F54C}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{52FA0B28-E03A-45A6-9C31-9E49AFAA3AC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-06-2017 06:49:22 Scheduled Checkpoint
29-06-2017 00:00:05 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2017 06:56:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59047
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59047
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49421
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49421
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39437
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39437
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/30/2017 07:02:50 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E0A66E06-343B-4876-8458-EAFC05969EE4}.
The backup browser is stopping.
Error: (06/30/2017 06:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (06/30/2017 06:54:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:19 PM on 6/30/2017 was unexpected.
Error: (06/30/2017 06:52:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
Error: (06/30/2017 06:51:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E0A66E06-343B-4876-8458-EAFC05969EE4}.
The backup browser is stopping.
Error: (06/30/2017 06:51:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
Error: (06/30/2017 06:51:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
Error: (06/30/2017 06:50:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
Error: (06/30/2017 06:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
Error: (06/30/2017 06:49:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
==================== Memory info ===========================
Processor: AMD A4-3420 APU with Radeon HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 5626.02 MB
Available physical RAM: 1869.23 MB
Total Virtual: 11250.2 MB
Available Virtual: 5850.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:440.59 GB) (Free:279.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 82BC915B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)
==================== End of Addition.txt ============================
Edited by Nayung116, 30 June 2017 - 08:38 PM.