Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cannnot goto many sites in firefox such as search in google or gmail a

Started by gnrook , Feb 27 2018 12:45 AM

  • Please log in to reply

#1
gnrook
Posted 27 February 2018 - 12:45 AM

gnrook

    New Member

  • Member
  • Pip
  • 6 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Greg (administrator) on DOWNSTAIR-PC (26-02-2018 22:58:35)
Running from C:\Users\Greg\Downloads
Loaded Profiles: Greg (Available Profiles: Greg)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(QILING Tech Co., Ltd.) C:\Program Files\QILING\Disk Master\DmAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(QILING Tech Co., Ltd.) C:\Program Files\QILING\Disk Master\DiskMasterUI.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(FastPcTools) C:\Program Files (x86)\FastPcTools\Fast VD\FastVD.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe
(Gaijin Entertainment) C:\Users\Greg\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
() C:\Users\Greg\AppData\Roaming\betterds\winsrcsrv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\SteganosBrowserMonitor.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\Notifier.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\fredirstarter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Trend Micro Inc.) C:\Users\Greg\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Greg\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [Disk Master] => C:\Program Files\QILING\Disk Master\DiskMasterUI.exe [3182904 2018-02-05] (QILING Tech Co., Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 18\SteganosHotKeyService.exe [124416 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 18\SteganosBrowserMonitor.exe [1131040 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 Notifier] => C:\Program Files (x86)\Steganos Safe 18\Notifier.exe [4196848 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 18\fredirstarter.exe [23040 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5866768 2018-01-22] (IObit)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AllMyNotes] => C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe [5286424 2017-11-28] (Vladonai Software (hxxp://www.vladonai.com))
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Winsplit] => C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe [3951616 2011-04-12] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe [7439264 2017-04-11] (Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SharewareOnSale Notifier] => C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe [1008816 2016-10-25] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WowApp] => C:\Users\Greg\AppData\Roaming\WowApp\WowApp.exe [16001936 2017-08-01] (YouWowMe Romania SRL)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19959616 2015-08-24] (NGWIN)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [FastVD] => C:\Program Files (x86)\FastPcTools\Fast VD\FastVD.exe [1553104 2017-10-02] (FastPcTools)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Advanced SystemCare 11] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3580176 2018-01-16] (IObit)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Greg\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-22] (Gaijin Entertainment)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChances] => C:\Users\Greg\AppData\Roaming\betterds\winsrcsrv.exe [13312 2018-02-26] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChan] => C:\Users\Greg\AppData\Roaming\betterds\run.exe [8192 2018-02-26] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WeatherBuddy] => C:\Users\Greg\AppData\Local\WeatherBuddy\WeatherBuddy.exe [4075520 2017-12-08] (ELLS LLC)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2016-11-28]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk [2017-08-09]
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}\_70A02663DFC8789EC3D334.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk [2015-02-25]
ShortcutTarget: PHOTOfunSTUDIO 5.0 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C-Organizer Pro.lnk [2016-10-08]
ShortcutTarget: C-Organizer Pro.lnk -> C:\Program Files (x86)\C-Organizer Pro\C-OrganizerPro.exe ()
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2018-02-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-499928188-2534183837-3826530114-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-499928188-2534183837-3826530114-1001] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3045b6d4-f94a-4450-bd97-44f9c92d4939}: [NameServer] 18.218.252.15
Tcpip\..\Interfaces\{4a135f89-e3f7-4c98-89e5-66c7f884ac85}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{7fe12dea-b9b7-45ee-9d98-b6ac783b4324}: [NameServer] 18.218.252.15
Tcpip\..\Interfaces\{d72ebcf0-adec-4cd2-a6e1-78b29c10e73e}: [NameServer] 18.218.252.15
Tcpip\..\Interfaces\{e8486528-ddac-4e2e-9950-51235e50d8d0}: [NameServer] 18.218.252.15
ManualProxies: 1127.0.0.1:8003

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM-x32 -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_coinisre_18_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtByEzztN1L2XzuyEtFtBtCtFtDtFtCtByEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyC0B0D0DtCyDyCtGtCtDzzyBtGzztC0ByEtGtDzz0BtDtG0D0FyDyDtDyDyEzzyBtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCzyyBtDtAzyyCzz%26cr%3D603396005%26a%3Dwbf_coinisre_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_coinisre_18_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtByEzztN1L2XzuyEtFtBtCtFtDtFtCtByEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyC0B0D0DtCyDyCtGtCtDzzyBtGzztC0ByEtGtDzz0BtDtG0D0FyDyDtDyDyEzzyBtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCzyyBtDtAzyyCzz%26cr%3D603396005%26a%3Dwbf_coinisre_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=32420&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-09-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2017-10-18] (IObit)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2017-10-18] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> No Name - {8423B544-3BF6-46E6-9DA0-EAA938D7D068} -  No File
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-05-05] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2014-11-22] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 5yc24x31.default
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5yc24x31.default [2018-02-26]
FF Homepage: Mozilla\Firefox\Profiles\5yc24x31.default -> hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_coinisre_18_09&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtByEzztN1L2XzuyEtFtBtCtFtDtFtCtByEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyC0B0D0DtCyDyCtGtCtDzzyBtGzztC0ByEtGtDzz0BtDtG0D0FyDyDtDyDyEzzyBtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCzyyBtDtAzyyCzz%26cr%3D603396005%26a%3Dwbf_coinisre_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5yc24x31.default\Extensions\[email protected] [2017-10-18]
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5yc24x31.default\searchplugins\yahoo! powered.xml [2018-02-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Greg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Greg\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-28] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: hp.com/HPDetect -> C:\Users\Greg\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?cobrand=hp13.msn.com&ocid=HPCDHP&pc=HPD"
CHR NewTab: Default ->  Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default [2018-02-26]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-10-10]
CHR Extension: (Avast Passwords) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-01-31]
CHR Extension: (iCloud Bookmarks) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2018-01-31]
CHR Extension: (Pinterest Save Button) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-14]
CHR Extension: (Skype) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-25]
CHR Extension: (Norton Safe) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-26]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Greg\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-24]
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1056016 2018-01-30] (IObit)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2007608 2016-07-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968424 2018-02-08] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-26] (CyberLink)
R2 DmAgent; C:\Program Files\QILING\Disk Master\DmAgent.exe [67384 2018-02-05] (QILING Tech Co., Ltd.)
S3 ExpressAccountsService; C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [3380304 2015-03-28] (NCH Software)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2631760 2014-12-25] (NCH Software)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1770784 2018-01-08] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [2081336 2014-08-16] (NCH Software)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47416 2016-02-23] (SecureHunter LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-10-20] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 VssProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{278373C1-96D4-4875-BB38-E42D4D162BAE}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-07-31] (The OpenVPN Project)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-02-26] (CPUID)
R3 debutfilter; C:\WINDOWS\system32\DRIVERS\debutfilterx64.sys [34512 2014-11-18] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 diskbckp; C:\WINDOWS\System32\drivers\diskbckp.sys [45368 2018-02-05] (QILING Tech Co., Ltd.)
R3 dvdfab; C:\WINDOWS\system32\drivers\dvdfab.sys [82904 2015-11-06] (Windows ® Win 7 DDK provider)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-16] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2017-05-16] (Highresolution Enterprises [www.highrez.co.uk])
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-13] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2707c70d42c54b4e\nvlddmkm.sys [17036560 2018-02-01] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SLEE_19_DRIVER; C:\WINDOWS\Sleen1964.sys [117848 2014-10-24] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162360 2015-12-22] (Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [34512 2014-10-23] ()
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.)
R3 vDisk; C:\WINDOWS\System32\drivers\vDisk.sys [256312 2018-02-05] (QILING Tech Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-26 22:58 - 2018-02-26 22:58 - 002403328 _____ (Farbar) C:\Users\Greg\Downloads\FRST64 (1).exe
2018-02-26 22:41 - 2018-02-26 22:41 - 000083877 _____ C:\Users\Greg\Desktop\FRST.txt
2018-02-26 22:33 - 2018-02-26 22:34 - 000085116 _____ C:\Users\Greg\Downloads\Addition.txt
2018-02-26 22:32 - 2018-02-26 22:58 - 000040495 _____ C:\Users\Greg\Downloads\FRST.txt
2018-02-26 22:32 - 2018-02-26 22:58 - 000000000 ____D C:\FRST
2018-02-26 22:31 - 2018-02-26 22:31 - 002403328 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2018-02-26 22:15 - 2018-02-26 22:15 - 000388608 _____ (Trend Micro Inc.) C:\Users\Greg\Downloads\HijackThis.exe
2018-02-26 22:08 - 2018-02-26 22:08 - 000001265 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2018-02-26 22:08 - 2018-02-26 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2018-02-26 22:05 - 2018-02-26 22:06 - 042627704 _____ (IObit ) C:\Users\Greg\Downloads\IObit-Malware-Fighter-Setup (1).exe
2018-02-26 21:02 - 2018-02-26 21:02 - 000000000 ____D C:\Users\Greg\AppData\Local\Notepad++
2018-02-26 20:59 - 2018-02-26 21:01 - 000000000 ____D C:\Users\Greg\AppData\Local\{15DE2382-3176-4F3A-5CEE-6AD27886964A}
2018-02-26 20:59 - 2018-02-26 20:59 - 000002073 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Powered.lnk
2018-02-26 20:59 - 2018-02-26 20:59 - 000001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2018-02-26 20:25 - 2018-02-26 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-26 20:25 - 2018-02-26 20:25 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-26 20:25 - 2018-02-26 20:25 - 000001006 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-26 20:25 - 2018-02-26 20:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-26 20:24 - 2018-02-26 20:24 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (2).exe
2018-02-26 19:28 - 2018-02-26 19:28 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (1).exe
2018-02-26 12:32 - 2018-02-26 12:32 - 000000000 ____D C:\Users\Greg\AppData\Local\WeatherBuddy
2018-02-26 00:48 - 2018-02-26 00:48 - 000000062 _____ C:\WINDOWS\WeatherBuddy.INI
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Roaming\betterds
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Package Cache
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-26 00:46 - 2018-02-26 00:46 - 007609856 _____ C:\Users\Greg\Downloads\flashplayer_setup.exe
2018-02-26 00:45 - 2018-02-26 00:45 - 001730580 _____ ( ) C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe
2018-02-25 04:00 - 2018-02-25 04:00 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-24 19:35 - 2018-02-24 19:35 - 038670696 _____ (DownloadHelper ) C:\Users\Greg\Downloads\VdhCoAppSetup-1.1.3.exe
2018-02-23 21:35 - 2018-02-23 21:43 - 623138346 _____ C:\Users\Greg\Downloads\Autoimmune Secrets - Episode 03 [02-22-18] NEW - YouTube.mp4
2018-02-22 18:24 - 2018-02-22 18:24 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-499928188-2534183837-3826530114-1001
2018-02-22 18:23 - 2018-02-22 18:23 - 000002410 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-21 01:59 - 2018-02-21 01:59 - 000000000 ____D C:\Users\Greg\ansel
2018-02-21 01:13 - 2018-02-21 01:13 - 000000000 ____D C:\Users\Greg\AppData\Local\Gaijin
2018-02-21 01:13 - 2018-02-21 01:13 - 000000000 ____D C:\ProgramData\Gaijin
2018-02-21 01:12 - 2018-02-22 01:14 - 000000000 ____D C:\Users\Greg\AppData\Local\WarThunder
2018-02-21 01:12 - 2018-02-21 01:12 - 000002072 _____ C:\Users\Greg\Desktop\WarThunder.lnk
2018-02-21 01:12 - 2018-02-21 01:12 - 000000000 ____D C:\Users\Greg\Documents\My Games
2018-02-21 01:12 - 2018-02-21 01:12 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2018-02-21 01:11 - 2018-02-21 01:11 - 006351424 _____ (Gaijin Entertainment ) C:\Users\Greg\Downloads\wt_launcher_1.0.3.72.exe
2018-02-21 01:08 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2018-02-21 01:08 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-02-21 01:07 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-02-21 01:07 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-02-21 01:07 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-02-21 01:07 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-02-21 01:07 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-02-21 01:07 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-02-21 01:07 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-02-21 01:07 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-02-21 01:07 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-02-21 01:07 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-02-21 01:07 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-02-21 01:07 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-02-21 01:07 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-02-21 01:07 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-02-21 01:07 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-02-21 01:07 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-02-21 01:07 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-02-21 01:07 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-02-21 01:07 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-02-21 01:07 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-02-21 01:07 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-02-21 01:07 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-02-21 01:07 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-02-21 01:07 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-02-21 01:07 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-02-21 01:07 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-02-21 01:07 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-02-21 01:07 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-02-21 01:07 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-02-21 01:07 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-02-21 01:07 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-02-21 01:07 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-02-21 01:07 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-02-21 01:07 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-02-21 01:07 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-02-21 01:07 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-02-21 01:07 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-02-21 01:07 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-02-21 01:07 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-02-21 01:07 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-02-21 01:07 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-02-21 01:07 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-02-21 01:07 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-02-21 01:07 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-02-21 01:07 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-02-21 01:07 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-02-21 01:07 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-02-21 01:07 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-02-21 01:07 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-02-21 01:07 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-02-21 01:07 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-02-21 01:07 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-02-21 01:07 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-02-21 01:07 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-02-21 01:07 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-02-21 01:07 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-02-21 01:07 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-02-21 01:07 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-02-21 01:07 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-02-21 01:07 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-02-21 01:04 - 2018-02-21 01:08 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-02-21 01:04 - 2018-02-21 01:04 - 000000855 _____ C:\Users\Greg\Desktop\World of Warships.lnk
2018-02-21 01:04 - 2018-02-21 01:04 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2018-02-21 01:04 - 2018-02-21 01:04 - 000000000 ____D C:\Games
2018-02-21 01:02 - 2018-02-21 01:02 - 005107312 _____ (Wargaming.net ) C:\Users\Greg\Downloads\WoWS_internet_install_na_bjing5a43w4c.exe
2018-02-19 23:33 - 2018-02-19 23:39 - 341189346 _____ C:\Users\Greg\Downloads\Anonymous Down The Deep Dark Web Documentary.mp4
2018-02-19 21:10 - 2018-02-19 21:32 - 557117396 _____ C:\Users\Greg\Downloads\How To Earn 6+ Figures Online.mp4
2018-02-18 05:05 - 2018-02-26 21:15 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-18 05:03 - 2018-02-18 05:03 - 011217568 _____ (Piriform Ltd) C:\Users\Greg\Downloads\ccsetup540.exe
2018-02-17 13:52 - 2018-02-17 15:19 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-17 13:52 - 2018-02-17 13:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-17 13:52 - 2018-02-17 13:52 - 000001485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-02-17 13:52 - 2018-02-17 13:52 - 000001473 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-02-17 13:52 - 2018-02-17 13:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-02-17 13:52 - 2018-02-17 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-02-17 13:52 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-02-17 13:44 - 2018-02-17 13:45 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Greg\Downloads\spybotsd-2.6.46.exe
2018-02-15 04:54 - 2018-02-15 04:54 - 000001026 _____ C:\Users\Public\Desktop\Disk Master Professional.lnk
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Master Professional
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\ProgramData\Disk Master
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\Program Files\QILING
2018-02-15 04:54 - 2018-02-05 22:06 - 000256312 _____ (QILING Tech Co., Ltd.) C:\WINDOWS\system32\Drivers\vDisk.sys
2018-02-15 04:54 - 2018-02-05 22:06 - 000045368 _____ (QILING Tech Co., Ltd.) C:\WINDOWS\system32\Drivers\diskbckp.sys
2018-02-15 04:52 - 2018-02-15 04:52 - 002294264 _____ C:\Users\Greg\Downloads\SharewareOnSale_Giveaway_QILING_Disk_Master_Professional_hub.exe
2018-02-13 16:15 - 2018-02-13 16:15 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-13 16:15 - 2017-12-18 19:51 - 000137200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-02-13 16:15 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-02-13 16:15 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-02-13 16:15 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-02-13 16:15 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-02-13 16:12 - 2018-02-13 16:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-02-13 14:54 - 2018-02-13 14:54 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-12 04:02 - 2018-02-12 04:02 - 002340600 _____ C:\Users\Greg\Downloads\SharewareOnSale_Giveaway_CintaNotes_PRO_hub.exe
2018-02-12 04:02 - 2018-02-12 04:02 - 000001111 _____ C:\Users\Public\Desktop\CintaNotes.lnk
2018-02-12 00:03 - 2018-02-12 00:04 - 038911168 ____N C:\Users\Greg\Downloads\vlc-3.0.0-win32.exe
2018-02-09 01:08 - 2018-02-09 01:09 - 013739246 _____ C:\Users\Greg\Downloads\w_wile255.pdf
2018-02-09 01:08 - 2018-02-09 01:09 - 013739246 _____ C:\Users\Greg\Downloads\w_wile255 (1).pdf
2018-02-07 02:08 - 2018-02-05 19:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-07 02:08 - 2018-02-05 19:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 00:37 - 2018-02-07 00:37 - 000002896 _____ C:\WINDOWS\System32\Tasks\ASC11_SkipUac_Greg
2018-02-07 00:37 - 2018-02-07 00:37 - 000000000 ____D C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-02-06 23:47 - 2018-02-06 23:49 - 000000000 ____D C:\Users\Greg\Dr. Bergman
2018-02-06 17:25 - 2018-02-06 17:25 - 006165504 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-02-05 00:37 - 2018-02-26 21:30 - 000002255 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk
2018-02-05 00:36 - 2018-02-05 00:36 - 028866136 _____ (IObit ) C:\Users\Greg\Downloads\advanced-systemcare-setup (1).exe
2018-02-04 17:35 - 2018-02-04 17:35 - 000003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517790891
2018-02-04 17:35 - 2018-02-04 17:35 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Opera Software
2018-02-04 17:35 - 2018-02-04 17:35 - 000000000 ____D C:\Users\Greg\AppData\Local\Opera Software
2018-02-04 17:35 - 2018-02-04 17:34 - 000001169 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2018-02-04 17:35 - 2018-02-04 17:34 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-02-04 17:34 - 2018-02-26 22:00 - 000000000 ____D C:\Program Files\Opera
2018-02-04 17:33 - 2018-02-04 17:33 - 001269688 _____ (Opera Software) C:\Users\Greg\Downloads\OperaSetup.exe
2018-02-04 12:44 - 2018-02-04 12:45 - 197398752 _____ C:\Users\Greg\Downloads\Q & A with Ty & Charlene Bollinger Part 2 - The Truth About .mp4
2018-02-03 23:36 - 2018-02-03 23:36 - 026590655 _____ C:\Users\Greg\Downloads\Memory Stimulator Main VSL.mp4
2018-02-02 01:04 - 2018-02-02 01:31 - 290809909 _____ C:\Users\Greg\Downloads\Mom Alexis Fawx in Yellow Panties [bleep]s Son - Pornhub.com.mp4
2018-02-02 00:31 - 2018-02-03 11:26 - 000000150 _____ C:\WINDOWS\Reimage.ini
2018-02-02 00:30 - 2018-02-02 00:31 - 000605424 _____ (Reimage) C:\Users\Greg\Downloads\ReimageRepair.exe
2018-02-01 19:58 - 2018-02-07 21:39 - 000000000 ____D C:\Users\Greg\Documents\LiveLongerFeelBetter
2018-02-01 18:50 - 2018-02-01 19:03 - 000000000 ____D C:\Users\Greg\Documents\TheBankersSecret
2018-02-01 13:14 - 2018-02-01 13:14 - 036357664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2018-02-01 13:14 - 2018-02-01 13:14 - 029389768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2018-02-01 13:14 - 2018-02-01 13:14 - 017036560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2018-02-01 13:13 - 2018-02-01 13:13 - 001690952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000991744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000942024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000235432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-02-01 13:13 - 2018-02-01 13:13 - 000054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 040246304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 004210536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 003624960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001998792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438873.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001683400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438873.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001109776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001041352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-02-01 13:11 - 2018-02-01 13:11 - 035166664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 023482944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 019218440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 013377544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 010985720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-02-01 13:09 - 2018-02-01 13:09 - 001154256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-02-01 13:09 - 2018-02-01 13:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 014000816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 011896592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 004533664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 003859632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-02-01 08:44 - 2018-02-01 08:44 - 000048510 _____ C:\WINDOWS\system32\nvinfo.pb
2018-02-01 08:44 - 2018-02-01 08:44 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2018-02-01 08:44 - 2018-02-01 08:44 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2018-02-01 04:04 - 2018-02-01 04:12 - 000000000 ____D C:\Users\Greg\Documents\Steganos Safe
2018-02-01 04:03 - 2018-02-01 04:03 - 000001123 _____ C:\Users\Public\Desktop\Steganos Safe.lnk
2018-02-01 04:03 - 2018-02-01 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 18
2018-02-01 04:03 - 2018-02-01 04:03 - 000000000 ____D C:\Program Files (x86)\Steganos Safe 18
2018-02-01 04:02 - 2018-02-01 04:02 - 000000000 ____D C:\Users\Greg\SteganosSafe18
2018-01-31 21:47 - 2018-01-31 21:50 - 739148154 _____ C:\Users\Greg\Downloads\The Truth About Vaccines Docu-series Episode 7.mp4
2018-01-29 01:57 - 2018-01-29 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-01-29 01:55 - 2018-01-29 01:55 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-01-29 01:55 - 2018-01-29 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-29 01:55 - 2018-01-29 01:55 - 000000000 ____D C:\Program Files\iPod
2018-01-29 01:53 - 2018-01-29 01:55 - 000000000 ____D C:\Program Files\iTunes
2018-01-29 00:58 - 2018-01-29 00:58 - 038669120 _____ (DownloadHelper ) C:\Users\Greg\Downloads\VdhCoAppSetup-1.1.2.exe
2018-01-28 20:59 - 2018-01-28 20:59 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\Greg\Downloads\Zoom_launcher(1).exe
2018-01-28 20:59 - 2018-01-28 20:59 - 000000000 ____D C:\Users\Greg\Documents\Zoom
2018-01-28 20:57 - 2018-01-28 20:57 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-01-28 20:46 - 2018-01-28 20:48 - 806064649 _____ C:\Users\Greg\Downloads\The Truth About Vaccines Docu-Series - Episode 4 HIB and Pne.mp4
2018-01-28 17:23 - 2018-01-28 17:23 - 000818111 _____ C:\Users\Greg\Downloads\093808153969.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-26 22:42 - 2016-11-16 03:24 - 000000000 ____D C:\Users\Greg\AppData\LocalLow\Mozilla
2018-02-26 22:01 - 2018-01-14 02:14 - 001177730 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-26 21:54 - 2018-01-14 02:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-26 21:54 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2018-02-26 21:54 - 2017-09-29 01:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-02-26 21:54 - 2016-11-20 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-26 21:54 - 2016-11-20 04:12 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2018-02-26 21:29 - 2016-11-01 21:43 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-26 21:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-26 21:03 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-26 21:02 - 2016-01-17 23:09 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Notepad++
2018-02-26 21:02 - 2013-12-20 21:02 - 000000000 ____D C:\Users\Greg\AppData\Local\Adobe
2018-02-26 20:59 - 2017-07-31 17:07 - 000000000 ____D C:\Program Files (x86)\Installer_P.C.A.P
2018-02-26 19:53 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-26 19:39 - 2018-01-14 02:16 - 000000000 ____D C:\Users\Greg\AppData\Local\Packages
2018-02-26 19:39 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-26 19:39 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-26 19:10 - 2018-01-14 02:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-26 16:46 - 2018-01-03 03:54 - 000000000 ____D C:\Users\Greg\AppData\Local\FastVD
2018-02-25 23:06 - 2014-01-14 01:21 - 000000000 ____D C:\Users\Greg\AppData\Roaming\vlc
2018-02-25 23:04 - 2014-09-18 19:31 - 000000000 ____D C:\Users\Greg\Documents\DVDFab Media Player
2018-02-25 23:03 - 2015-11-22 23:07 - 000000000 ____D C:\Users\Greg\Documents\Health
2018-02-25 22:50 - 2017-12-06 21:59 - 000000000 ____D C:\Users\Greg\Documents\AutoImmune Secrets
2018-02-25 21:01 - 2016-12-18 19:45 - 000000000 ____D C:\Users\Greg\Documents\Essential Oils - Ancient Medicine
2018-02-24 21:10 - 2016-09-03 21:15 - 000000000 ____D C:\Users\Greg\dwhelper
2018-02-24 20:22 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-24 19:36 - 2017-11-14 23:47 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2018-02-24 00:19 - 2013-12-21 00:13 - 000001579 _____ C:\WINDOWS\ATREX.INI
2018-02-24 00:16 - 2013-12-21 00:13 - 000000000 ____D C:\ATREX
2018-02-22 18:56 - 2014-01-21 00:13 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 18:56 - 2014-01-21 00:13 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 18:41 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-22 18:39 - 2013-10-09 14:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-22 18:25 - 2016-11-23 03:55 - 000000000 ____D C:\ProgramData\ProductData
2018-02-22 18:23 - 2015-06-14 20:14 - 000000000 ___RD C:\Users\Greg\SkyDrive
2018-02-21 01:59 - 2018-01-14 02:15 - 000000000 ____D C:\Users\Greg
2018-02-18 12:04 - 2016-07-25 20:46 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Apowersoft
2018-02-18 05:07 - 2014-01-05 02:26 - 000000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2018-02-18 05:05 - 2016-05-05 02:59 - 000000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-18 05:05 - 2016-05-05 02:59 - 000000000 ____D C:\Program Files\CCleaner
2018-02-17 19:49 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-17 19:49 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-17 01:27 - 2017-09-11 19:58 - 000073728 _____ C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-13 22:58 - 2017-11-02 22:40 - 000000000 ____D C:\Users\Greg\Documents\The Sacred Plant
2018-02-13 16:15 - 2016-11-20 04:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-13 16:15 - 2016-01-25 19:59 - 000000000 ____D C:\temp
2018-02-13 16:12 - 2016-11-20 04:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-13 16:12 - 2016-11-20 04:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-12 04:07 - 2018-01-12 22:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-12 04:02 - 2016-07-12 03:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CintaNotes
2018-02-12 04:02 - 2016-07-12 03:04 - 000000000 ____D C:\Program Files (x86)\CintaNotes
2018-02-12 00:07 - 2014-01-14 01:20 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-07 02:27 - 2018-01-24 23:22 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-07 01:36 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-07 00:37 - 2018-01-14 02:40 - 000003104 _____ C:\WINDOWS\System32\Tasks\ASC11_PerformanceMonitor
2018-02-06 17:26 - 2018-01-14 02:40 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-02-06 00:11 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-05 00:37 - 2018-01-12 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2018-02-05 00:37 - 2017-07-15 12:01 - 000000000 ____D C:\Users\Greg\Documents\TheTruthAboutVaccines
2018-02-04 12:43 - 2014-08-24 16:19 - 000000000 ____D C:\Users\Greg\AppData\Local\EvernoteNW
2018-02-01 04:04 - 2016-09-27 02:05 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Steganos
2018-01-31 21:44 - 2018-01-18 01:18 - 000000000 ____D C:\Users\Greg\Documents\TheHealingMiracle
2018-01-30 00:01 - 2014-11-09 20:40 - 000000000 ___RD C:\Users\Greg\iCloudDrive
2018-01-28 20:57 - 2017-03-05 14:33 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Zoom

==================== Files in the root of some directories =======

2016-07-03 15:46 - 2016-07-03 15:46 - 000000876 _____ () C:\Users\Greg\exe.reg
2014-10-06 23:10 - 2014-11-17 02:12 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.1.txt
2014-10-06 23:10 - 2014-11-16 23:46 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.2.txt
2014-10-06 23:10 - 2014-10-23 23:23 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.3.txt
2014-10-06 23:10 - 2014-10-06 23:10 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.4.txt
2014-10-06 23:10 - 2014-11-18 01:40 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.txt
2014-10-06 23:10 - 2014-11-18 01:40 - 000000000 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2014-01-14 00:42 - 2014-08-20 20:34 - 000014336 _____ () C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-06 23:06 - 2016-11-06 23:06 - 000000337 _____ () C:\Users\Greg\AppData\Local\Perfmon.PerfmonCfg
2016-11-06 23:06 - 2017-11-04 18:06 - 000007605 _____ () C:\Users\Greg\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-02-26 20:59 - 2018-02-26 20:59 - 001730580 _____ (                                                            ) C:\Users\Greg\AppData\Local\Temp\ICReinstall_adobe_flash_setup_3103816377.exe
2018-02-26 21:02 - 2018-02-26 21:02 - 004167312 _____ (Don HO [email protected]) C:\Users\Greg\AppData\Local\Temp\npp.7.5.4.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-18 05:16

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Greg (26-02-2018 22:59:18)
Running from C:\Users\Greg\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-01-14 09:41:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-499928188-2534183837-3826530114-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-499928188-2534183837-3826530114-503 - Limited - Disabled)
Greg (S-1-5-21-499928188-2534183837-3826530114-1001 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-499928188-2534183837-3826530114-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-499928188-2534183837-3826530114-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: IObit Malware Fighter (Enabled - Up to date) {2C1A27ED-EADF-56B0-8FBA-D38AFF9152A2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.2.0 - IObit)
Aiseesoft Screen Recorder 1.0.8 (HKLM-x32\...\{DD85E531-C84E-4247-B7A3-5F0C22D276DB}_is1) (Version: 1.0.8 - Aiseesoft Studio)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 3.21 - Vladonai Software)
Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AquaSoft DiaShow 7 Premium (HKLM-x32\...\{9FFC4C2D-374D-482B-AA58-67282CE23695}) (Version: 7.8.01 - AquaSoft) Hidden
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 9 (HKLM-x32\...\{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.40 - Ashampoo GmbH & Co. KG)
Asoftech Photo Recovery (HKLM-x32\...\{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}) (Version: 3.16 - )
Atrex (HKLM-x32\...\Atrex) (Version: 10.02 - Millennium Software, LLC)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.1.0 - Auslogics Labs Pty Ltd)
AVG (HKLM\...\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}) (Version: 16.91.7690 - AVG Technologies) Hidden
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CintaNotes 3.11 (HKLM-x32\...\CintaNotes_is1) (Version:  - Cinta Software)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
C-Organizer Pro v 5.1.1 (HKLM-x32\...\C-Organizer Professional_is1) (Version:  - CSoftLab)
CrazyTalk Animator Standard (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2010.1 - Reallusion Inc.)
CSE HTML Validator Professional v16.05 (HKLM-x32\...\CSEHTMLVALIDATOR160_is1) (Version: 16.5.0.0 - AI Internet Solutions LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.6727.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Disk Master Professional version 4.3.7 (HKLM\...\{8213CE5C-49D8-45CC-98C1-7355D18995C5}_is1) (Version: 4.3.7 - QILING Tech Co., Ltd.)
DVDFab 8.2.3.0 (21/12/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.3.1.6 (19/09/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.4.3.8 - Fengtao Software Inc.)
DVDFab Passkey 8.2.5.5 (09/12/2015) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
Easy audio mixer 2.1.3 (HKLM-x32\...\EasyAudioMixer2_is1) (Version: 2.1.3 - G.F. Software)
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
Express Accounts Accounting Software (HKLM-x32\...\ExpressAccounts) (Version: 5.07 - NCH Software)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.04 - NCH Software)
Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.32 - NCH Software)
Fast VD 3.0.0.12 (HKLM-x32\...\9ED08AFF-E977-47db-8923-2499D74C97C5_Fast VD_is1) (Version: 3.0.0.12 - FastPcTools)
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Hardwipe 5.1.3 (HKLM\...\{AD3CFB60-96FC-4830-830B-7BC538132B04}) (Version: 5.1.3 - Big Angry Dog)
Helicon Filter 5.5.4 (HKLM-x32\...\Helicon Filter 5_is1) (Version:  - Helicon Soft Ltd.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HippoEDIT 1.60.44 (HKLM-x32\...\HippoEDIT) (Version: 1.60.44 - HippoEDIT.com)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Icecream Ebook Reader version 4.24 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 4.24 - Icecream Apps)
Icecream PDF Converter version 2.49 (HKLM-x32\...\{6811A286-E9F4-4035-9738-7721C087E500}_is1) (Version: 2.49 - Icecream Apps)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Inpaint 6.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 3.58 - NCH Software)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.2.0.11 - IObit)
iSyncr (HKLM-x32\...\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}) (Version: 5.1.6 - JRT Studio)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Kodi (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LeaderTask 11.1.1.2 (HKLM-x32\...\LeaderTask_is1) (Version:  - Organizer LeaderTask LLC)
LopeEdit (HKLM-x32\...\LopeEdit_is1) (Version: 5.6.3 - LopeSoft)
Manuals Finder (HKLM-x32\...\Manuals Finder) (Version: 1.0 - Manuals Finder)
Mediatek Bluetooth Stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.743.0 - Mediatek)
MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.9001.2171 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Opera Stable 50.0.2762.67 (HKLM-x32\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Peachtree Complete Accounting 2005 (HKLM-x32\...\InstallShield_{238E20DB-EF53-4388-9B97-2C9E45234D83}) (Version: 12.00.00 - Best Software SB, Inc)
PHOTO projects 3 (64-Bit) (HKLM\...\COLOR_PROJECTS_3_3_C935FDA1_is1) (Version: 3.34 - Franzis Verlag GmbH)
Photo Stamp Remover 9.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 9.0 - SoftOrbits)
PHOTOfunSTUDIO 5.0 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.320 - Panasonic Corporation)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.7 - NGWIN)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{8E5861CA-9B65-488B-972E-405AD03EBC7C}) (Version: 9.2.00 - Sony Corporation) Hidden
Privacy Protector for Windows 10 1.0 (HKLM-x32\...\Privacy Protector for Windows 10_is1) (Version: 1.0 - SoftOrbits)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanPapyrus (HKLM-x32\...\{D243A198-99BB-42A0-828E-98AE3F01D215}_is1) (Version: 16.11.2 - ScanPapyrus Team)
SharewareOnSale Notifier (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
Simplenote 1.1.1 (HKLM-x32\...\e850fc3b-cc8a-5579-9299-32253cc2000f) (Version: 1.1.1 - Automattic, Inc.)
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.8.0 - IObit)
Soft Organizer version 6.15 (HKLM-x32\...\Soft Organizer_is1) (Version: 6.15 - ChemTable Software)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3790 - SoftMaker Software GmbH)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - )
Steganos Safe 18 (HKLM-x32\...\{0A81476E-6553-443B-B34F-0BFE17ACAFFB}) (Version: 18.0.2 - Steganos Software GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task Manager 20-20 (HKLM-x32\...\Task Manager 20-20) (Version:  - )
TC Web Conferencing (HKLM-x32\...\{8EB39AA7-4019-4550-AF6C-BE51BB27B446}) (Version: 8.421 - Digitalweb)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Total Network Monitor 2.1.0 build 4040 (HKLM-x32\...\Total Network Monitor 2_is1) (Version: 2.1.0.4040 - Softinventive Lab Inc.)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2016 (HKLM-x32\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Video Download Capture V6.0.4 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.0.4 - APOWERSOFT LIMITED)
Video Watermark Pro (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\VideoWatermarkPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.14 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.72 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Watermark Software 8.2 (HKLM-x32\...\Watermark Software) (Version: 8.2 - watermark-software.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.12 - NCH Software)
Weather Buddy (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{f1ba6611-16fa-402f-b96c-659c8cf67e1a}) (Version: 1.0.23 - ELLS LLC) Hidden
WeatherBuddy (HKLM-x32\...\{4E3A1F8F-C363-4867-ADBD-8FF780DE9322}) (Version: 1.0.26 - ELLS LLC) Hidden <==== ATTENTION
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinSplit Revolution (v11.04) (HKLM-x32\...\WinSplit Revolution) (Version: 11.04 - Raphael Lencrerot)
WinZip Self-Extractor (HKLM-x32\...\{98E8F5CD-4D07-4C66-992B-4BD3547C86AF}) (Version: 4.0.8672.0 - WinZip Computing, S.L.)
Wondershare Dr.Fone for Android(Build 6.5.0.12) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.5.0.12 - Wondershare Software Co.,Ltd.)
World of Warships (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WowApp (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\WowApp) (Version: 13.0.3 - WowApp)
WowTron PDF Page Organizer 1.1.1 (HKLM-x32\...\WowTron PDF Page Organizer 1.1.1) (Version: 1.1.1 - WowTron Software Co. Ltd.)
Yahoo! Powered (HKLM-x32\...\{A14B498B-F1CB-980B-404B-E88B90CB3B0B}) (Version:  - ) <==== ATTENTION
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_EN_is1) (Version:  - ZONER software)
Zoom (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499928188-2534183837-3826530114-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-07-28] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers2: [BigAngryDog_HWipe] -> {B0FFE529-A5D3-4ECE-91C0-9E3585C373D8} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2016-02-16] (Big Angry Dog)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 18\ShellExtension.dll [2014-08-27] ()
ContextMenuHandlers3: [BigAngryDog_HWipe] -> {8154B7C1-BB68-457C-931A-5BFABBA86CD9} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2016-02-16] (Big Angry Dog)
ContextMenuHandlers3: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 18\ShellExtension.dll [2014-08-27] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files (x86)\Zoom Player\zpshlext64.dll [2008-08-05] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-07-28] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009D2F73-CB2B-48FF-BB05-45C7385E6DFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {05C78C70-662D-4F6D-8810-35BF099881B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {074BAF7E-CC70-41E3-9348-CE558E6ADB38} - System32\Tasks\{E54C889E-0C3C-4662-814B-58D06D8E94A8} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Task Manager 20-20\uninstall.exe" -c C:\ProgramData\Task Manager 20-20\INSTALL.LOG
Task: {0E714097-D7D0-4597-8EBE-07DF99E20B9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0ED20C05-BF0A-4591-961B-AE402F022DDC} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {1DB19332-2570-4EBF-B135-6EF53E47E77A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-17] (Adobe Systems Incorporated)
Task: {32B61344-F28C-4005-8D14-4F02D371A832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {344E6A63-9C3F-4228-9675-EA03C371FADC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {37CA121A-D5BB-4442-9655-F59890FC1AD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {39312CA7-DB5E-48F9-8417-7C960442F85F} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {3A0390A8-8F2D-4E5C-B5CC-6BC4030D0215} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2018-01-15] (IObit)
Task: {46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4C619B7A-CEBB-41BA-8907-E751AE9EE46F} - System32\Tasks\{348358E3-977D-4559-8408-5BCEE7C0117F} => C:\WINDOWS\system32\pcalua.exe -a "C:\PROGRA~2\COMMON~1\InstallShield\Driver\7\Intel 32\IDriver.exe" -c /M{238E20DB-EF53-4388-9B97-2C9E45234D83}
Task: {4E48A462-839F-4A1A-92A2-491F7799E796} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {502F954F-0A44-448B-A880-90EF0545B467} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {68878CFF-A04F-4A48-8C9E-564FF505B89B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-22] (Microsoft Corporation)
Task: {71762BBB-A913-4B38-A41F-7FE20FE94719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {73A43D26-5A60-4406-9804-09116E3CE3EF} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {73C747F3-BC68-49F4-955A-9FF400E8843F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7435C672-531A-42D7-BBEE-2BE1C3EE4130} - System32\Tasks\SmartDefrag_AutoDefrag => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {75D16A9D-9EDD-4356-BF2B-13D0FCA19B95} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {7A3B3383-4770-47A3-B2C5-257870FD26B9} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {7B108545-1B0E-47FE-B04D-B7494B15681D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {7C04B855-9F75-497E-944A-44084759A1E5} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [2014-08-16] (NCH Software)
Task: {815BC4D0-5C7B-4D53-BD82-850C3861FD15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {84DD0A91-9FD9-4FDC-8158-0655654BDF56} - System32\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8BA49648-A0F0-4D90-88A9-C2BFB602C0C0} - System32\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001 => C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {90BBAA26-7F9A-468F-9CBE-E26A0991040E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {90BFBACC-BCEE-4D4A-B494-10AFAACE5552} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9828A957-8238-42C0-BF6B-2F4F5A3B6067} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A2AFC6AA-8908-4852-B8EC-4FDC7C48B91F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {A2CC4EC3-C0D2-4141-A82D-D28F28786A37} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B60C963D-DC48-4FD7-86D1-21F55555617E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-12-20] (IObit)
Task: {B74EEF3C-E8A2-4EC5-873C-05797CE03C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B774E650-7E9F-41B5-8429-720E0B978130} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {D01F8DEE-0DE0-4A9D-9DC0-0A720646123E} - \WPD\SqmUpload_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {D0DF5BC5-61BF-485E-9E7C-9DB48957E0A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D5B6B7D9-F6D5-4139-9FFD-497C578BD4CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-22] (Microsoft Corporation)
Task: {DB5D6E42-21A9-4984-A7BD-F62EE517F812} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {DCBE7A24-E835-461A-AA35-96FBAFF044ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DE5B7C63-0110-4A07-A95D-19E938677E2B} - System32\Tasks\Opera scheduled Autoupdate 1517790891 => C:\Program Files\Opera\launcher.exe [2018-01-21] (Opera Software)
Task: {DF186096-F392-402A-ACE3-F1E7035DD0B4} - System32\Tasks\ASC11_SkipUac_Greg => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2018-02-07] (IObit)
Task: {E016F071-0B13-493C-8EBE-F44DF99443DF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FD92DBCA-D09B-4FBC-9C94-8DEA392D80A9} - System32\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001 => C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FE11B49E-3376-4B40-BCB1-7AE72AEF972A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupload.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Greg\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro\Buy Video Watermark Pro on online.lnk -> hxxp:
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro\Video Watermark Pro on the web.lnk -> hxxp:

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2011-04-12 13:53 - 2011-04-12 13:53 - 000015360 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitHook64.DLL
2017-12-13 18:33 - 2017-12-13 18:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 18:33 - 2017-12-13 18:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-29 13:35 - 2018-01-29 13:35 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-29 13:35 - 2018-01-29 13:35 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2011-04-12 13:53 - 2011-04-12 13:53 - 003951616 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
2011-04-12 13:53 - 2011-04-12 13:53 - 000015872 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
2011-04-12 13:53 - 2011-04-12 13:53 - 000017920 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr64.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000013312 _____ () C:\Users\Greg\AppData\Roaming\betterds\winsrcsrv.exe
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-02-17 13:52 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-02-17 13:52 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-02-17 13:52 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-02-17 13:52 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-01-18 23:10 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-01-18 23:10 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-01-18 23:10 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2011-04-12 13:53 - 2011-04-12 13:53 - 000013312 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitHook32.DLL
2018-01-14 03:33 - 2016-01-11 17:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2018-01-14 03:33 - 2016-01-11 17:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2011-04-12 13:53 - 2011-04-12 13:53 - 000011264 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitLib.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-10-29 22:13 - 2017-04-11 15:10 - 000275152 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\CrashRpt1403.dll
2017-10-29 22:13 - 2017-04-11 15:10 - 000092368 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\MouseHook.dll
2013-10-09 14:05 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 22:53 - 2013-03-12 22:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-02-26 21:55 - 2018-02-26 21:55 - 000098816 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32api.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000110080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\pywintypes27.dll
2018-02-26 21:55 - 2018-02-26 21:55 - 000364544 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\pythoncom27.dll
2018-02-26 21:55 - 2018-02-26 21:55 - 000320512 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32com.shell.shell.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000914432 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_hashlib.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 001176576 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._core_.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000806400 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._gdi_.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000816128 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._windows_.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 001067008 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._controls_.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000733184 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._misc_.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000682496 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\pysqlite2._sqlite.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000088064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_ctypes.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000686080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\unicodedata.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000119808 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32file.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000108544 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32security.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000007168 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\hashobjs_ext.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000017920 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\thumbnails_ext.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000088064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\usb_ext.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000012800 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\common.time34.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000018432 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32event.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000167936 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32gui.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000046080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_socket.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 001303552 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_ssl.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000128512 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_elementtree.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000127488 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\pyexpat.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000038912 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32inet.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000036864 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_psutil_windows.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000525208 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\windows._lib_cacheinvalidation.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000011264 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32crypt.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000123392 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._wizard.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000077312 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._html2.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000027648 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_multiprocessing.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000020480 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\_yappi.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000035840 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32process.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000078848 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\wx._animate.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000024064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32pipe.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000010240 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\select.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000025600 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32pdh.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000017408 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32profile.pyd
2018-02-26 21:55 - 2018-02-26 21:55 - 000022528 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI103242\win32ts.pyd
2018-01-18 23:10 - 2017-05-22 11:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-01-18 23:10 - 2017-05-23 18:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-01-18 23:10 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2013-12-21 15:30 - 2013-08-12 08:32 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-02-26 22:07 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2018-02-26 22:07 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2018-02-26 22:07 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:9DD812F4 [258]
AlternateDataStreams: C:\ProgramData\Temp:D31D1159 [194]
AlternateDataStreams: C:\ProgramData\Temp:EEDA5B17 [109]
AlternateDataStreams: C:\Users\Greg\Downloads\ashampoo_snap_9_e9.0.5_sm.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\BackuperyForGMail_5.0.224.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\ccsetup523.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\CintaNotes_3_4_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\DWS_Lite.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_2_84_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_15_Beta.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_16_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\KeyScrambler_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\LeadGenerationMagic.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_full.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_ult.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosint.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosintwr.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.5_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.6_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\tskmgr-single-user-20-20.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e [400]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-22 00:11 - 2018-02-26 21:51 - 000004054 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 91 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: wlidsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "iSyncr.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 5.0 HD Edition.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\StartupFolder: => "C-Organizer Pro.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AllMyNotes"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Skitch"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "DVDFab Passkey"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "WowApp"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "WeatherBuddy"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E65D855E-F4D4-460B-9C2A-0CB66F0C42EE}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [TCP Query User{C1FA680C-4227-4AA3-BAE2-364BC953DE1B}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{C00C0A22-5E6D-44E2-BAB8-AD6B0271705A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{DC9396C9-3E18-48D2-9CC7-4565BC2EFD12}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4F061097-9231-4871-8D6F-D81BC2026E32}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [UDP Query User{A10B3E5D-A472-4F36-B24F-A10740C40538}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{C387B4FA-0E65-472E-A321-90DEC27D6B1C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FC33E8B3-EE30-4912-9419-CF6FFC5E1408}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{0B395875-4D9D-4667-A211-2B7D8B1140A6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{0FA2C288-F50B-4F34-9A03-4BFD1B6447F3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5C2618F6-87EA-4183-90F8-EBCE47A07499}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2563FE31-301F-47C2-A5C4-2E95944D0FAA}] => (Block) LPort=445
FirewallRules: [{AB91B1FE-A714-4C66-97CE-D1BF9DAA7690}] => (Block) LPort=445
FirewallRules: [UDP Query User{1893F8FD-F3D1-4194-A73E-86D182024E28}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{61E8FC66-F59D-4F61-84E4-E7CFF5907798}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{135DC987-C162-41CD-B842-30C6CBC1504C}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{3871EE98-6368-48D7-A637-71DB1C4C0BBA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7631AD9F-42F8-4934-90A2-B43D48C79311}] => (Allow) LPort=1900
FirewallRules: [{225DD08C-456C-4D77-A3A6-05F3F90CC052}] => (Allow) LPort=2869
FirewallRules: [{5D1FB571-592F-44BD-9ADA-58BB47247D9E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FD4B922A-90BA-448C-B015-20DD0CBFE812}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7266E1A0-A238-4E9A-B8B2-EBDD543D3311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53D9D529-DA5E-4CBC-82A6-EA01CCF92FF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9661EFE-628E-4382-B2D2-02BDB35ABA46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C71A65E7-740B-4798-9C7A-FFF14670177C}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{091675E3-D554-4684-B84D-8CA03829106F}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{853E5154-0EB2-44BC-A883-FC5439DC89D3}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{D69E33BE-3876-4BCA-8149-A1A204AE48BB}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{023218D8-8C4A-493C-A453-7DA6018D32A0}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{B8E6A67B-C107-4861-835D-578A7FFECF17}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{DCD5F6C8-BFC3-4C7C-96F6-2BE334030A33}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{D0DF4DC9-A330-4EE0-B0C5-879E84CBCE92}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{F5C0607A-3FF9-4400-A50D-24014A754A92}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{8E8C815E-026B-44F7-8A92-C6666E22DF8A}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{2ECBC90E-CBEA-4A68-B65C-B1E12CE1A7E6}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{27789A0B-7014-4616-B13D-2198A3AF3011}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{996B5976-3586-4A25-BC4E-DE8296A877A7}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [{2A69EBF7-61A3-4EA4-A94D-D4B9F4B3B433}] => (Allow) C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
FirewallRules: [UDP Query User{31C9B40C-F7B9-4F21-AC14-C507B177286E}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [TCP Query User{2596B1A1-6AE7-45FD-8D76-7321F12DA83F}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [UDP Query User{02D76A5A-98DB-4F56-BD28-2E05401634CD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{20B4BE29-0B5E-4E25-B539-9E91A7F9DA08}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F1667EC0-1731-4769-BE51-B867D81AB6FC}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [TCP Query User{53DD6617-3518-4195-B7B6-D341015C8488}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [{396ED241-4895-4F09-9EA4-B2E32E57DBD5}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{8B6F906A-2B76-4BBE-B536-B0E56BD4000D}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{373B80A4-48A6-4256-B4F7-F31382BFB955}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8B454368-DEF8-41BB-B978-B89BEA9ACA1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7692BDE2-D4D5-4716-B4B7-FD0BB55ED99D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8CCEB7AF-E92B-4B6B-B58E-7E087D623810}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E90DD970-6AB3-479B-9D06-E87641D1B34A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B238EB34-3E44-463C-9E5A-6433F3B45944}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{1F237960-91FF-4B80-9BE9-E56976763820}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{9476568B-7428-4FEC-8D37-AE335DE5EB7F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7BD5C709-61CF-42CF-990D-E9211EC33446}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{4DE5BBFC-07C9-40CE-9FD9-A2C200F3FEB2}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E609C42F-D750-4265-B4C3-C13BE855E775}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D853810D-58C6-4955-9762-873C626EFEA9}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{9DCD5FCE-881E-4358-85B1-ADB708777E27}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{3FC5A307-B791-4E5F-8469-171D23E20FE9}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{A9094341-95D1-4E25-BF29-51A2CB1123A8}] => (Allow) C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
FirewallRules: [{4C349CBD-A76B-4223-B324-2E2A03FEF2AB}] => (Allow) C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
FirewallRules: [{401751CB-67DA-4357-B39A-58700DD259E6}] => (Allow) C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
FirewallRules: [{5376A4C2-29BA-43AB-A62D-130C7BFBD83B}] => (Allow) C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
FirewallRules: [{F41984C9-E971-49BA-ABBF-EB38669CFDFE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{066F0185-6C93-444C-B695-4FD6317074AF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{73B88C33-2432-4C51-A39E-C4C585AAD676}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7BDA9CE4-2F1D-4065-BD4A-678F7563B527}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1950A7D8-3347-420C-8D1F-72DD8C7E7534}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{133B4B71-B3E1-4307-BBD0-826079B77F29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{2A8A5919-519C-4F84-A63A-65F1DFC43C10}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{002BCF1F-CC55-4A2D-8B6F-35747DE35937}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{74EBF55D-C727-414D-BF17-6699325A115C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{927EEFC0-9E86-476B-A36C-C717AEA8FF27}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CEFE4207-549B-4D90-9728-15E877DB92A9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{47E3B40A-B5D7-4543-9247-7ED65086DC01}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{AC0F9D1E-3C92-4DF6-AF27-4029729C9745}] => (Allow) C:\Users\Greg\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{DE019BD7-FBB5-4FFD-8798-4BCFC5F93038}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{85711213-079F-4A45-BF2F-01024205A46E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{8EE9D362-3B59-474F-AFF9-1BB88957E58A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{526C4D13-A812-491F-988C-0CAA9DE84544}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{0894ECA5-7273-40AC-B604-DC6B9ACEB4D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C85955B5-9E90-471E-8552-2994A0B92AA0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{716ACC47-26B2-4488-98A0-8110719D05D0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F1F395A9-059D-4786-A756-3E0DCD42B611}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{41FDBCE8-0527-4291-B0A3-E1C27E220BE0}] => (Allow) C:\Users\Greg\AppData\Roaming\Steganos\OnlineShield\Proxy\node.exe
FirewallRules: [{8E3CA3D6-140A-4FA3-98F2-A7CB59013D66}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F8BDFD86-377C-461C-9431-B009BF900407}] => (Allow) C:\Program Files\Opera\50.0.2762.67\opera.exe
FirewallRules: [TCP Query User{EC83CC72-7F21-4420-8CB6-5513B47F80A6}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{8E990C8F-6C7C-4131-8031-D400D8F07F8A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{DE0E398D-3F49-49FD-B95F-706A2948454C}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{1CC78A3D-B103-4D7A-9B42-E54DE8F4F66F}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{82A99B43-01F6-448D-91CA-B436C5B06D6D}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1449B885-5DB4-49E8-B052-C8DF3B3BADC4}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [TCP Query User{FB70B353-D5E8-4D38-9872-7CC7224AD7FA}C:\users\greg\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\greg\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{8E9AEC7F-6C8D-4D7C-8A6F-B206D419D132}C:\users\greg\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\greg\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{F9495F72-4E7D-4E95-94BC-990A25DA8785}C:\users\greg\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\greg\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{3649580D-033D-4154-AF55-287E59315113}C:\users\greg\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\greg\appdata\local\warthunder\win64\aces.exe
FirewallRules: [{9EF4A0C7-7294-4BDD-B01A-C3CC991AF4E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29CFA7BA-FBF7-4140-BE0D-DA4E50DDBA03}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

26-02-2018 16:10:52 Scheduled Checkpoint
26-02-2018 21:49:07 Removed WeatherBuddy

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2018 09:16:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname downstair-pc.local already in use; will try downstair-pc-2.local instead

Error: (02/26/2018 09:16:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 downstair-pc.local. Addr 192.168.1.71

Error: (02/26/2018 09:16:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   16 downstair-pc.local. AAAA 2001:056A:75A2:F300:810E:014D:AA39:81EB

Error: (02/26/2018 09:05:14 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (02/26/2018 09:05:14 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (02/26/2018 08:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_Firefox, version: 1.0.0.0, time stamp: 0x584dca3f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x4894
Faulting application start time: 0x01d3af7a98d7c3e3
Faulting application path: C:\Users\Greg\AppData\Local\Temp\7zS44AE.tmp\setup.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3c3f8f1a-23c8-4fc7-8eef-9f773c459d31
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2018 07:30:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_Firefox, version: 1.0.0.0, time stamp: 0x584dca3f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc06d007e
Fault offset: 0x001008b2
Faulting process id: 0x3074
Faulting application start time: 0x01d3af72c62c92e0
Faulting application path: C:\Users\Greg\AppData\Local\Temp\7zSF5AC.tmp\setup.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 80b19047-b26b-4bab-b802-7dfa9aa666b7
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2018 12:29:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname downstair-pc.local already in use; will try downstair-pc-2.local instead

System errors:
=============
Error: (02/26/2018 10:09:18 PM) (Source: DCOM) (EventID: 10016) (User: DOWNSTAIR-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user downstair-pc\Greg SID (S-1-5-21-499928188-2534183837-3826530114-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2018 10:07:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMF Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2018 10:00:30 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (02/26/2018 10:00:21 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (02/26/2018 10:00:16 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (02/26/2018 10:00:14 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The TLS connection request has failed. The attached data contains the server certificate.

Error: (02/26/2018 09:57:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2018 09:57:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================

Date: 2018-02-26 00:48:40.734
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Opera\50.0.2762.67\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:48:40.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Opera\50.0.2762.67\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.275
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.260
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.259
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.244
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-26 00:36:08.242
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8147.35 MB
Available physical RAM: 4416.72 MB
Total Virtual: 13011.35 MB
Available Virtual: 8109.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.64 GB) (Free:146.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.61 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (SimpleDrive) (Fixed) (Total:298.09 GB) (Free:26.11 GB) NTFS

\\?\Volume{4fc6d7a9-d295-4a16-8d77-3bdab76785a4}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.64 GB) NTFS
\\?\Volume{2c0bae54-7976-4b23-b7a6-5efdbacc5e98}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.31 GB) FAT32
\\?\Volume{0f32a574-36a9-406b-a1bd-087c02e752f8}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{825c3c32-9ad9-4625-95a6-1493accbe4d9}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F9B9E3C3)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7B794979)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
RKinner
Posted 02 March 2018 - 08:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Multiple replies are OK so post the logs as you get them.

 

Uninstall:

 

Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.2.0 - IObit)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.2.0.11 - IObit)

SharewareOnSale Notifier (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.8.0 - IObit)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)

Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WowApp (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\WowApp) (Version: 13.0.3 - WowApp)
Yahoo! Powered (HKLM-x32\...\{A14B498B-F1CB-980B-404B-E88B90CB3B0B}) (Version:  - ) <==== ATTENTION

 

Reboot

 

Download the attached fixlist.txt to the same location as FRST
[attachment=86841:fixlist.txt]


Run FRST and press Fix
A fix log will be generated please post that

 


Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 

 


  • 0

#3
gnrook
Posted 03 March 2018 - 10:44 PM

gnrook

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thank You RKinner for the reply here is my fixit log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Greg (03-03-2018 21:34:21) Run:1
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5866768 2018-01-22] (IObit)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SharewareOnSale Notifier] => C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe [1008816 2016-10-25] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
C:\Users\Greg\Downloads\HijackThis.exe
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WowApp] => C:\Users\Greg\AppData\Roaming\WowApp\WowApp.exe [16001936 2017-08-01] (YouWowMe Romania SRL)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Advanced SystemCare 11] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3580176 2018-01-16] (IObit)
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2018-01-31]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1056016 2018-01-30] (IObit)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2007608 2016-07-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47416 2016-02-23] (SecureHunter LLC) [File not signed]
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-07-31] (The OpenVPN Project)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-16] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
2018-02-26 12:32 - 2018-02-26 12:32 - 000000000 ____D C:\Users\Greg\AppData\Local\WeatherBuddy
2018-02-26 00:48 - 2018-02-26 00:48 - 000000062 _____ C:\WINDOWS\WeatherBuddy.INI
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Roaming\betterds
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Package Cache
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-26 00:46 - 2018-02-26 00:46 - 007609856 _____ C:\Users\Greg\Downloads\flashplayer_setup.exe
2018-02-26 00:45 - 2018-02-26 00:45 - 001730580 _____ ( ) C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe2018-02-26 20:59 - 2018-02-26 20:59 - 001730580 _____ (                                                            ) C:\Users\Greg\AppData\Local\Temp\ICReinstall_adobe_flash_setup_3103816377.exe
2018-02-26 21:02 - 2018-02-26 21:02 - 004167312 _____ (Don HO [email protected]) C:\Users\Greg\AppData\Local\Temp\npp.7.5.4.Installer.exe
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChances] => C:\Users\Greg\AppData\Roaming\betterds\winsrcsrv.exe [13312 2018-02-26] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChan] => C:\Users\Greg\AppData\Roaming\betterds\run.exe [8192 2018-02-26] ()
C:\Users\Greg\AppData\Roaming\betterds
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WeatherBuddy] => C:\Users\Greg\AppData\Local\WeatherBuddy\WeatherBuddy.exe [4075520 2017-12-08] (ELLS LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk [2017-08-09]
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}\_70A02663DFC8789EC3D334.exe ()
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-499928188-2534183837-3826530114-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-499928188-2534183837-3826530114-1001] => 127.0.0.1:8003
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm
2018-02-26 12:32 - 2018-02-26 12:32 - 000000000 ____D C:\Users\Greg\AppData\Local\WeatherBuddy
2018-02-26 00:48 - 2018-02-26 00:48 - 000000062 _____ C:\WINDOWS\WeatherBuddy.INI
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Roaming\betterds
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Package Cache
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-26 00:46 - 2018-02-26 00:46 - 007609856 _____ C:\Users\Greg\Downloads\flashplayer_setup.exe
2018-02-26 00:45 - 2018-02-26 00:45 - 001730580 _____ ( ) C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe
Task: {009D2F73-CB2B-48FF-BB05-45C7385E6DFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {074BAF7E-CC70-41E3-9348-CE558E6ADB38} - System32\Tasks\{E54C889E-0C3C-4662-814B-58D06D8E94A8} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Task Manager 20-20\uninstall.exe" -c C:\ProgramData\Task Manager 20-20\INSTALL.LOG
Task: {0E714097-D7D0-4597-8EBE-07DF99E20B9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1DB19332-2570-4EBF-B135-6EF53E47E77A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-17] (Adobe Systems Incorporated)
Task: {32B61344-F28C-4005-8D14-4F02D371A832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {344E6A63-9C3F-4228-9675-EA03C371FADC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2018-01-15] (IObit)
Task: {46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4C619B7A-CEBB-41BA-8907-E751AE9EE46F} - System32\Tasks\{348358E3-977D-4559-8408-5BCEE7C0117F} => C:\WINDOWS\system32\pcalua.exe -a "C:\PROGRA~2\COMMON~1\InstallShield\Driver\7\Intel 32\IDriver.exe" -c /M{238E20DB-EF53-4388-9B97-2C9E45234D83}
Task: {4E48A462-839F-4A1A-92A2-491F7799E796} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {71762BBB-A913-4B38-A41F-7FE20FE94719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {73A43D26-5A60-4406-9804-09116E3CE3EF} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {73C747F3-BC68-49F4-955A-9FF400E8843F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7435C672-531A-42D7-BBEE-2BE1C3EE4130} - System32\Tasks\SmartDefrag_AutoDefrag => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {7A3B3383-4770-47A3-B2C5-257870FD26B9} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {815BC4D0-5C7B-4D53-BD82-850C3861FD15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {84DD0A91-9FD9-4FDC-8158-0655654BDF56} - System32\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {90BBAA26-7F9A-468F-9CBE-E26A0991040E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {90BFBACC-BCEE-4D4A-B494-10AFAACE5552} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9828A957-8238-42C0-BF6B-2F4F5A3B6067} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A2CC4EC3-C0D2-4141-A82D-D28F28786A37} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B60C963D-DC48-4FD7-86D1-21F55555617E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-12-20] (IObit)
Task: {B74EEF3C-E8A2-4EC5-873C-05797CE03C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B774E650-7E9F-41B5-8429-720E0B978130} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {D01F8DEE-0DE0-4A9D-9DC0-0A720646123E} - \WPD\SqmUpload_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {DB5D6E42-21A9-4984-A7BD-F62EE517F812} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {DCBE7A24-E835-461A-AA35-96FBAFF044ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF186096-F392-402A-ACE3-F1E7035DD0B4} - System32\Tasks\ASC11_SkipUac_Greg => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2018-02-07] (IObit)
Task: {E016F071-0B13-493C-8EBE-F44DF99443DF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FE11B49E-3376-4B40-BCB1-7AE72AEF972A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupload.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
AlternateDataStreams: C:\ProgramData\Temp:9DD812F4 [258]
AlternateDataStreams: C:\ProgramData\Temp:D31D1159 [194]
AlternateDataStreams: C:\ProgramData\Temp:EEDA5B17 [109]
AlternateDataStreams: C:\Users\Greg\Downloads\ashampoo_snap_9_e9.0.5_sm.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\BackuperyForGMail_5.0.224.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\ccsetup523.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\CintaNotes_3_4_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\DWS_Lite.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_2_84_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_15_Beta.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_16_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\KeyScrambler_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\LeadGenerationMagic.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_full.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_ult.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosint.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosintwr.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.5_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.6_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\tskmgr-single-user-20-20.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e [400]
IE trusted site: HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "WeatherBuddy"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Web Companion"
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
AVG (HKLM\...\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}) (Version: 16.91.7690 - AVG Technologies) Hidden
Weather Buddy (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{f1ba6611-16fa-402f-b96c-659c8cf67e1a}) (Version: 1.0.23 - ELLS LLC) Hidden
WeatherBuddy (HKLM-x32\...\{4E3A1F8F-C363-4867-ADBD-8FF780DE9322}) (Version: 1.0.26 - ELLS LLC) Hidden <==== ATTENTION
Hosts:
CMD: ipconfig /all
CMD: netstat -rn
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"













*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter" => not found
"HKU\Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]SharewareOnSale Notifier" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windscribe" => removed successfully
C:\Users\Greg\Downloads\HijackThis.exe => moved successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WowApp" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 11" => not found
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\Software\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2018-01-31] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
!SASCORE => service not found.
AdvancedSystemCareService11 => service not found.
"HKLM\System\CurrentControlSet\Services\avgfws" => removed successfully
avgfws => service removed successfully
"HKLM\System\CurrentControlSet\Services\avgwd" => removed successfully
avgwd => service removed successfully
IObitUnSvr => service not found.
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
"HKLM\System\CurrentControlSet\Services\Secure Hunter Service" => removed successfully
Secure Hunter Service => service removed successfully
WindscribeService => service not found.
"HKLM\System\CurrentControlSet\Services\aswTap" => removed successfully
aswTap => service removed successfully
IMFCameraProtect => service not found.
IMFDownProtect => service not found.
IMFFilter => service not found.
IMFForceDelete => service not found.
iobit_monitor_server => service not found.
"HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
IUFileFilter => service removed successfully
IURegProcessFilter => service not found.
RegFilter => service not found.
SASDIFSV => service not found.
SASKUTIL => service not found.
SmartDefragDriver => service not found.
"HKLM\System\CurrentControlSet\Services\tap0901" => removed successfully
tap0901 => service removed successfully
"HKLM\System\CurrentControlSet\Services\tapwindscribe0901" => removed successfully
tapwindscribe0901 => service removed successfully
"C:\Users\Greg\AppData\Local\WeatherBuddy" => not found
"C:\WINDOWS\WeatherBuddy.INI" => not found
"C:\Users\Greg\AppData\Roaming\upp.exe" => not found

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

C:\Users\Greg\AppData\Local\Package Cache => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\Greg\Downloads\flashplayer_setup.exe => moved successfully
"C:\Users\Greg\AppData\Local\Temp\ICReinstall_adobe_flash_setup_3103816377.exe" => not found
C:\Users\Greg\AppData\Local\Temp\npp.7.5.4.Installer.exe => moved successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdChances" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdChan" => removed successfully

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk => moved successfully
C:\Windows\Installer\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}\_70A02663DFC8789EC3D334.exe => moved successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => not found
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm => moved successfully
"C:\Users\Greg\AppData\Local\WeatherBuddy" => not found
"C:\WINDOWS\WeatherBuddy.INI" => not found
"C:\Users\Greg\AppData\Roaming\upp.exe" => not found

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

"C:\Users\Greg\AppData\Local\Package Cache" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => not found
"C:\Users\Greg\Downloads\flashplayer_setup.exe" => not found
"C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009D2F73-CB2B-48FF-BB05-45C7385E6DFE} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{074BAF7E-CC70-41E3-9348-CE558E6ADB38}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074BAF7E-CC70-41E3-9348-CE558E6ADB38}" => removed successfully
C:\WINDOWS\System32\Tasks\{E54C889E-0C3C-4662-814B-58D06D8E94A8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E54C889E-0C3C-4662-814B-58D06D8E94A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E714097-D7D0-4597-8EBE-07DF99E20B9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E714097-D7D0-4597-8EBE-07DF99E20B9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB19332-2570-4EBF-B135-6EF53E47E77A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB19332-2570-4EBF-B135-6EF53E47E77A}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32B61344-F28C-4005-8D14-4F02D371A832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B61344-F28C-4005-8D14-4F02D371A832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344E6A63-9C3F-4228-9675-EA03C371FADC} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\ASC11_PerformanceMonitor" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1}" => removed successfully
C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Deskjet 3050A J611 series" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C619B7A-CEBB-41BA-8907-E751AE9EE46F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C619B7A-CEBB-41BA-8907-E751AE9EE46F}" => removed successfully
C:\WINDOWS\System32\Tasks\{348358E3-977D-4559-8408-5BCEE7C0117F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{348358E3-977D-4559-8408-5BCEE7C0117F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E48A462-839F-4A1A-92A2-491F7799E796}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E48A462-839F-4A1A-92A2-491F7799E796}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71762BBB-A913-4B38-A41F-7FE20FE94719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71762BBB-A913-4B38-A41F-7FE20FE94719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73A43D26-5A60-4406-9804-09116E3CE3EF} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Update" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C747F3-BC68-49F4-955A-9FF400E8843F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C747F3-BC68-49F4-955A-9FF400E8843F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7435C672-531A-42D7-BBEE-2BE1C3EE4130} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_AutoDefrag" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoDefrag => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A3B3383-4770-47A3-B2C5-257870FD26B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3B3383-4770-47A3-B2C5-257870FD26B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-499928188-2534183837-3826530114-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{815BC4D0-5C7B-4D53-BD82-850C3861FD15}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{815BC4D0-5C7B-4D53-BD82-850C3861FD15}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DD0A91-9FD9-4FDC-8158-0655654BDF56} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BBAA26-7F9A-468F-9CBE-E26A0991040E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BBAA26-7F9A-468F-9CBE-E26A0991040E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BFBACC-BCEE-4D4A-B494-10AFAACE5552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BFBACC-BCEE-4D4A-B494-10AFAACE5552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9828A957-8238-42C0-BF6B-2F4F5A3B6067}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9828A957-8238-42C0-BF6B-2F4F5A3B6067}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CC4EC3-C0D2-4141-A82D-D28F28786A37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CC4EC3-C0D2-4141-A82D-D28F28786A37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60C963D-DC48-4FD7-86D1-21F55555617E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Startup" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B74EEF3C-E8A2-4EC5-873C-05797CE03C4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B74EEF3C-E8A2-4EC5-873C-05797CE03C4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B774E650-7E9F-41B5-8429-720E0B978130}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B774E650-7E9F-41B5-8429-720E0B978130}" => removed successfully
C:\WINDOWS\System32\Tasks\IObitSelfCheckTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObitSelfCheckTask" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} => could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D01F8DEE-0DE0-4A9D-9DC0-0A720646123E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D01F8DEE-0DE0-4A9D-9DC0-0A720646123E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-499928188-2534183837-3826530114-1001" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5D6E42-21A9-4984-A7BD-F62EE517F812} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCBE7A24-E835-461A-AA35-96FBAFF044ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCBE7A24-E835-461A-AA35-96FBAFF044ED}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF186096-F392-402A-ACE3-F1E7035DD0B4} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\ASC11_SkipUac_Greg" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_Greg => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E016F071-0B13-493C-8EBE-F44DF99443DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E016F071-0B13-493C-8EBE-F44DF99443DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE11B49E-3376-4B40-BCB1-7AE72AEF972A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE11B49E-3376-4B40-BCB1-7AE72AEF972A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => moved successfully
C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => moved successfully
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888.job" => not found
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510.job" => not found
C:\ProgramData\Temp => ":9DD812F4" ADS removed successfully
C:\ProgramData\Temp => ":D31D1159" ADS removed successfully
C:\ProgramData\Temp => ":EEDA5B17" ADS removed successfully
C:\Users\Greg\Downloads\ashampoo_snap_9_e9.0.5_sm.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\BackuperyForGMail_5.0.224.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\ccsetup523.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\CintaNotes_3_4_Setup.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\DWS_Lite.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_2_84_Deluxe.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_3_15_Beta.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_3_16_Deluxe.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\KeyScrambler_Setup.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\LeadGenerationMagic.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\save2pc_full.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\save2pc_ult.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\sosint.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\sosintwr.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\SUPERAntiSpywarePro.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\torbrowser-install-6.0.5_en-US.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\torbrowser-install-6.0.6_en-US.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\tskmgr-single-user-20-20.exe => ":BDU" ADS removed successfully
C:\Users\Greg\AppData\Local\desktop.ini => ":07a19238af92db80fe9045ca73c7a84e" ADS removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AVG-Secure-Search-Update_0615piz" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0615piz" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SharewareOnSale Notifier" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SharewareOnSale Notifier" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Windscribe" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windscribe" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WeatherBuddy" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}\\SystemComponent" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f1ba6611-16fa-402f-b96c-659c8cf67e1a}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E3A1F8F-C363-4867-ADBD-8FF780DE9322}\\SystemComponent" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /all =========


Windows IP Configuration

   Host Name . . . . . . . . . . . . : downstair-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telus

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-46-A0-A0-B8-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:56a:75a2:f300:810e:14d:aa39:81eb(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:56a:75a2:f300:2548:f7b5:262d:f98d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::810e:14d:aa39:81eb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : March 3, 2018 9:29:56 PM
   Lease Expires . . . . . . . . . . : March 4, 2018 9:29:54 PM
   Default Gateway . . . . . . . . . : fe80::1278:5bff:fedb:4da0%5
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 359667851
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F0-FA-69-74-46-A0-A0-B8-50
   DNS Servers . . . . . . . . . . . : 2001:568:ff09:10c::53
                                       2001:568:ff09:10a::114
                                       192.168.1.254
                                       75.153.171.114
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 70-18-8B-56-55-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

========= End of CMD: =========


========= netstat -rn =========

===========================================================================
Interface List
 15...74 46 a0 a0 b8 50 ......Realtek PCIe GBE Family Controller
 12...70 18 8b 56 55 35 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...70 18 8b 56 55 33 ......Ralink RT3290 802.11bgn Wi-Fi Adapter
  3...70 18 8b 56 55 34 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.71     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.71    311
     192.168.1.71  255.255.255.255         On-link      192.168.1.71    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.71    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.71    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.71    311
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    157.56.121.89  255.255.255.255         On-link        1
   157.55.133.204  255.255.255.255         On-link        1
    157.55.129.21  255.255.255.255         On-link        1
     77.67.29.176  255.255.255.255         On-link        1
     65.52.108.33  255.255.255.255         On-link        1
     23.57.107.27  255.255.255.255         On-link        1
    23.57.107.163  255.255.255.255         On-link        1
    23.57.101.163  255.255.255.255         On-link        1
      65.55.39.10  255.255.255.255         On-link        1
     23.223.20.82  255.255.255.255         On-link        1
       2.22.61.66  255.255.255.255         On-link        1
       2.22.61.43  255.255.255.255         On-link        1
     157.56.96.54  255.255.255.255         On-link        1
    157.56.124.87  255.255.255.255         On-link        1
   157.56.106.189  255.255.255.255         On-link        1
   157.55.240.220  255.255.255.255         On-link        1
     104.96.147.3  255.255.255.255         On-link        1
   137.117.235.16  255.255.255.255         On-link        1
    137.116.81.24  255.255.255.255         On-link        1
   111.221.29.253  255.255.255.255         On-link        1
     65.55.252.71  255.255.255.255         On-link        1
     65.55.252.63  255.255.255.255         On-link        1
    65.55.138.186  255.255.255.255         On-link        1
    65.55.138.126  255.255.255.255         On-link        1
    65.55.138.114  255.255.255.255         On-link        1
     65.55.108.23  255.255.255.255         On-link        1
     65.52.108.29  255.255.255.255         On-link        1
   134.170.115.60  255.255.255.255         On-link        1
     65.52.100.94  255.255.255.255         On-link        1
     65.52.100.93  255.255.255.255         On-link        1
   111.221.29.177  255.255.255.255         On-link        1
   134.170.185.70  255.255.255.255         On-link        1
     65.52.100.92  255.255.255.255         On-link        1
     65.52.100.91  255.255.255.255         On-link        1
      65.52.100.9  255.255.255.255         On-link        1
      65.52.100.7  255.255.255.255         On-link        1
     65.52.100.11  255.255.255.255         On-link        1
    65.39.117.230  255.255.255.255         On-link        1
       64.4.6.100  255.255.255.255         On-link        1
       64.4.54.32  255.255.255.255         On-link        1
   134.170.30.202  255.255.255.255         On-link        1
  134.170.165.248  255.255.255.255         On-link        1
       64.4.54.22  255.255.255.255         On-link        1
  134.170.165.253  255.255.255.255         On-link        1
    23.218.212.69  255.255.255.255         On-link        1
      23.99.10.11  255.255.255.255         On-link        1
      23.102.21.4  255.255.255.255         On-link        1
   212.30.134.205  255.255.255.255         On-link        1
   212.30.134.204  255.255.255.255         On-link        1
   207.68.166.254  255.255.255.255         On-link        1
    207.46.223.94  255.255.255.255         On-link        1
    207.46.114.58  255.255.255.255         On-link        1
     65.55.29.238  255.255.255.255         On-link        1
    207.46.101.29  255.255.255.255         On-link        1
    131.253.40.37  255.255.255.255         On-link        1
    191.232.139.2  255.255.255.255         On-link        1
   204.79.197.200  255.255.255.255         On-link        1
  191.237.208.126  255.255.255.255         On-link        1
    191.232.80.62  255.255.255.255         On-link        1
    191.232.80.58  255.255.255.255         On-link        1
  191.232.139.254  255.255.255.255         On-link        1
   168.63.108.233  255.255.255.255         On-link        1
     157.56.91.77  255.255.255.255         On-link        1
     65.55.252.93  255.255.255.255         On-link        1
     65.55.252.92  255.255.255.255         On-link        1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    311 ::/0                     fe80::1278:5bff:fedb:4da0
  1    331 ::1/128                  On-link
  5    311 2001:56a:75a2:f300::/64  On-link
  5    311 2001:56a:75a2:f300:2548:f7b5:262d:f98d/128
                                    On-link
  5    311 2001:56a:75a2:f300:810e:14d:aa39:81eb/128
                                    On-link
  5    311 fe80::/64                On-link
  5    311 fe80::810e:14d:aa39:81eb/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-03-2018 21:36:52)

C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully
C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully
C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009D2F73-CB2B-48FF-BB05-45C7385E6DFE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344E6A63-9C3F-4228-9675-EA03C371FADC} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73A43D26-5A60-4406-9804-09116E3CE3EF} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7435C672-531A-42D7-BBEE-2BE1C3EE4130} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoDefrag => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DD0A91-9FD9-4FDC-8158-0655654BDF56} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60C963D-DC48-4FD7-86D1-21F55555617E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5D6E42-21A9-4984-A7BD-F62EE517F812} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF186096-F392-402A-ACE3-F1E7035DD0B4} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_Greg => could not remove. Access Denied.

==== End of Fixlog 21:36:53 ====


  • 0

#4
gnrook
Posted 03 March 2018 - 11:03 PM

gnrook

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here is my ADWcleaner log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Greg (03-03-2018 21:34:21) Run:1
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5866768 2018-01-22] (IObit)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SharewareOnSale Notifier] => C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe [1008816 2016-10-25] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
C:\Users\Greg\Downloads\HijackThis.exe
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WowApp] => C:\Users\Greg\AppData\Roaming\WowApp\WowApp.exe [16001936 2017-08-01] (YouWowMe Romania SRL)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Advanced SystemCare 11] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3580176 2018-01-16] (IObit)
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_31&cd=2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtDtAzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEyD0AtC0A0EyCzztGtCyCyB0BtGzztAzzyCtGtBtDyEtDtG0DtByC0ByB0DtC0Fzz0AtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzutB&cr=484410714&ir=&q={searchTerms}
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2018-01-31]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1056016 2018-01-30] (IObit)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2007608 2016-07-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47416 2016-02-23] (SecureHunter LLC) [File not signed]
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-07-31] (The OpenVPN Project)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-16] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
2018-02-26 12:32 - 2018-02-26 12:32 - 000000000 ____D C:\Users\Greg\AppData\Local\WeatherBuddy
2018-02-26 00:48 - 2018-02-26 00:48 - 000000062 _____ C:\WINDOWS\WeatherBuddy.INI
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Roaming\betterds
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Package Cache
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-26 00:46 - 2018-02-26 00:46 - 007609856 _____ C:\Users\Greg\Downloads\flashplayer_setup.exe
2018-02-26 00:45 - 2018-02-26 00:45 - 001730580 _____ ( ) C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe2018-02-26 20:59 - 2018-02-26 20:59 - 001730580 _____ (                                                            ) C:\Users\Greg\AppData\Local\Temp\ICReinstall_adobe_flash_setup_3103816377.exe
2018-02-26 21:02 - 2018-02-26 21:02 - 004167312 _____ (Don HO [email protected]) C:\Users\Greg\AppData\Local\Temp\npp.7.5.4.Installer.exe
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChances] => C:\Users\Greg\AppData\Roaming\betterds\winsrcsrv.exe [13312 2018-02-26] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AdChan] => C:\Users\Greg\AppData\Roaming\betterds\run.exe [8192 2018-02-26] ()
C:\Users\Greg\AppData\Roaming\betterds
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [WeatherBuddy] => C:\Users\Greg\AppData\Local\WeatherBuddy\WeatherBuddy.exe [4075520 2017-12-08] (ELLS LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk [2017-08-09]
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}\_70A02663DFC8789EC3D334.exe ()
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-499928188-2534183837-3826530114-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-499928188-2534183837-3826530114-1001] => 127.0.0.1:8003
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm
2018-02-26 12:32 - 2018-02-26 12:32 - 000000000 ____D C:\Users\Greg\AppData\Local\WeatherBuddy
2018-02-26 00:48 - 2018-02-26 00:48 - 000000062 _____ C:\WINDOWS\WeatherBuddy.INI
2018-02-26 00:47 - 2018-02-26 20:59 - 000151040 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Roaming\upp.exe
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Roaming\betterds
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Package Cache
2018-02-26 00:47 - 2018-02-26 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-26 00:46 - 2018-02-26 00:46 - 007609856 _____ C:\Users\Greg\Downloads\flashplayer_setup.exe
2018-02-26 00:45 - 2018-02-26 00:45 - 001730580 _____ ( ) C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe
Task: {009D2F73-CB2B-48FF-BB05-45C7385E6DFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {074BAF7E-CC70-41E3-9348-CE558E6ADB38} - System32\Tasks\{E54C889E-0C3C-4662-814B-58D06D8E94A8} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Task Manager 20-20\uninstall.exe" -c C:\ProgramData\Task Manager 20-20\INSTALL.LOG
Task: {0E714097-D7D0-4597-8EBE-07DF99E20B9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1DB19332-2570-4EBF-B135-6EF53E47E77A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-17] (Adobe Systems Incorporated)
Task: {32B61344-F28C-4005-8D14-4F02D371A832} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {344E6A63-9C3F-4228-9675-EA03C371FADC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2018-01-15] (IObit)
Task: {46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4C619B7A-CEBB-41BA-8907-E751AE9EE46F} - System32\Tasks\{348358E3-977D-4559-8408-5BCEE7C0117F} => C:\WINDOWS\system32\pcalua.exe -a "C:\PROGRA~2\COMMON~1\InstallShield\Driver\7\Intel 32\IDriver.exe" -c /M{238E20DB-EF53-4388-9B97-2C9E45234D83}
Task: {4E48A462-839F-4A1A-92A2-491F7799E796} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {71762BBB-A913-4B38-A41F-7FE20FE94719} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {73A43D26-5A60-4406-9804-09116E3CE3EF} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {73C747F3-BC68-49F4-955A-9FF400E8843F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7435C672-531A-42D7-BBEE-2BE1C3EE4130} - System32\Tasks\SmartDefrag_AutoDefrag => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {7A3B3383-4770-47A3-B2C5-257870FD26B9} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {815BC4D0-5C7B-4D53-BD82-850C3861FD15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {84DD0A91-9FD9-4FDC-8158-0655654BDF56} - System32\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {90BBAA26-7F9A-468F-9CBE-E26A0991040E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {90BFBACC-BCEE-4D4A-B494-10AFAACE5552} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9828A957-8238-42C0-BF6B-2F4F5A3B6067} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A2CC4EC3-C0D2-4141-A82D-D28F28786A37} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B60C963D-DC48-4FD7-86D1-21F55555617E} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-12-20] (IObit)
Task: {B74EEF3C-E8A2-4EC5-873C-05797CE03C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B774E650-7E9F-41B5-8429-720E0B978130} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {D01F8DEE-0DE0-4A9D-9DC0-0A720646123E} - \WPD\SqmUpload_S-1-5-21-499928188-2534183837-3826530114-1001 -> No File <==== ATTENTION
Task: {DB5D6E42-21A9-4984-A7BD-F62EE517F812} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {DCBE7A24-E835-461A-AA35-96FBAFF044ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF186096-F392-402A-ACE3-F1E7035DD0B4} - System32\Tasks\ASC11_SkipUac_Greg => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2018-02-07] (IObit)
Task: {E016F071-0B13-493C-8EBE-F44DF99443DF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FE11B49E-3376-4B40-BCB1-7AE72AEF972A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => C:\Users\Greg\AppData\Local\GoToMeeting\7495\g2mupload.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
AlternateDataStreams: C:\ProgramData\Temp:9DD812F4 [258]
AlternateDataStreams: C:\ProgramData\Temp:D31D1159 [194]
AlternateDataStreams: C:\ProgramData\Temp:EEDA5B17 [109]
AlternateDataStreams: C:\Users\Greg\Downloads\ashampoo_snap_9_e9.0.5_sm.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\BackuperyForGMail_5.0.224.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\ccsetup523.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\CintaNotes_3_4_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\DWS_Lite.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_2_84_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_15_Beta.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\Install_AllMyNotes_3_16_Deluxe.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\KeyScrambler_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\LeadGenerationMagic.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_full.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\save2pc_ult.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosint.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\sosintwr.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\SUPERAntiSpywarePro.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.5_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\torbrowser-install-6.0.6_en-US.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\Downloads\tskmgr-single-user-20-20.exe:BDU [0]
AlternateDataStreams: C:\Users\Greg\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e [400]
IE trusted site: HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "WeatherBuddy"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Web Companion"
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
AVG (HKLM\...\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}) (Version: 16.91.7690 - AVG Technologies) Hidden
Weather Buddy (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{f1ba6611-16fa-402f-b96c-659c8cf67e1a}) (Version: 1.0.23 - ELLS LLC) Hidden
WeatherBuddy (HKLM-x32\...\{4E3A1F8F-C363-4867-ADBD-8FF780DE9322}) (Version: 1.0.26 - ELLS LLC) Hidden <==== ATTENTION
Hosts:
CMD: ipconfig /all
CMD: netstat -rn
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"













*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter" => not found
"HKU\Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]SharewareOnSale Notifier" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windscribe" => removed successfully
C:\Users\Greg\Downloads\HijackThis.exe => moved successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WowApp" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 11" => not found
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\Software\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => not found
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2018-01-31] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => not found
!SASCORE => service not found.
AdvancedSystemCareService11 => service not found.
"HKLM\System\CurrentControlSet\Services\avgfws" => removed successfully
avgfws => service removed successfully
"HKLM\System\CurrentControlSet\Services\avgwd" => removed successfully
avgwd => service removed successfully
IObitUnSvr => service not found.
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
"HKLM\System\CurrentControlSet\Services\Secure Hunter Service" => removed successfully
Secure Hunter Service => service removed successfully
WindscribeService => service not found.
"HKLM\System\CurrentControlSet\Services\aswTap" => removed successfully
aswTap => service removed successfully
IMFCameraProtect => service not found.
IMFDownProtect => service not found.
IMFFilter => service not found.
IMFForceDelete => service not found.
iobit_monitor_server => service not found.
"HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
IUFileFilter => service removed successfully
IURegProcessFilter => service not found.
RegFilter => service not found.
SASDIFSV => service not found.
SASKUTIL => service not found.
SmartDefragDriver => service not found.
"HKLM\System\CurrentControlSet\Services\tap0901" => removed successfully
tap0901 => service removed successfully
"HKLM\System\CurrentControlSet\Services\tapwindscribe0901" => removed successfully
tapwindscribe0901 => service removed successfully
"C:\Users\Greg\AppData\Local\WeatherBuddy" => not found
"C:\WINDOWS\WeatherBuddy.INI" => not found
"C:\Users\Greg\AppData\Roaming\upp.exe" => not found

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

C:\Users\Greg\AppData\Local\Package Cache => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\Greg\Downloads\flashplayer_setup.exe => moved successfully
"C:\Users\Greg\AppData\Local\Temp\ICReinstall_adobe_flash_setup_3103816377.exe" => not found
C:\Users\Greg\AppData\Local\Temp\npp.7.5.4.Installer.exe => moved successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdChances" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdChan" => removed successfully

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk => moved successfully
C:\Windows\Installer\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}\_70A02663DFC8789EC3D334.exe => moved successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => not found
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm => moved successfully
"C:\Users\Greg\AppData\Local\WeatherBuddy" => not found
"C:\WINDOWS\WeatherBuddy.INI" => not found
"C:\Users\Greg\AppData\Roaming\upp.exe" => not found

"C:\Users\Greg\AppData\Roaming\betterds" folder move:

Could not move "C:\Users\Greg\AppData\Roaming\betterds" => Scheduled to move on reboot.

"C:\Users\Greg\AppData\Local\Package Cache" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => not found
"C:\Users\Greg\Downloads\flashplayer_setup.exe" => not found
"C:\Users\Greg\Downloads\adobe_flash_setup_3103816377.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009D2F73-CB2B-48FF-BB05-45C7385E6DFE} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{074BAF7E-CC70-41E3-9348-CE558E6ADB38}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074BAF7E-CC70-41E3-9348-CE558E6ADB38}" => removed successfully
C:\WINDOWS\System32\Tasks\{E54C889E-0C3C-4662-814B-58D06D8E94A8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E54C889E-0C3C-4662-814B-58D06D8E94A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E714097-D7D0-4597-8EBE-07DF99E20B9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E714097-D7D0-4597-8EBE-07DF99E20B9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB19332-2570-4EBF-B135-6EF53E47E77A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB19332-2570-4EBF-B135-6EF53E47E77A}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32B61344-F28C-4005-8D14-4F02D371A832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B61344-F28C-4005-8D14-4F02D371A832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344E6A63-9C3F-4228-9675-EA03C371FADC} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\ASC11_PerformanceMonitor" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46EBF8C3-70AD-4AD6-B770-CD40D8ECA8F1}" => removed successfully
C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Deskjet 3050A J611 series" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C619B7A-CEBB-41BA-8907-E751AE9EE46F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C619B7A-CEBB-41BA-8907-E751AE9EE46F}" => removed successfully
C:\WINDOWS\System32\Tasks\{348358E3-977D-4559-8408-5BCEE7C0117F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{348358E3-977D-4559-8408-5BCEE7C0117F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E48A462-839F-4A1A-92A2-491F7799E796}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E48A462-839F-4A1A-92A2-491F7799E796}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71762BBB-A913-4B38-A41F-7FE20FE94719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71762BBB-A913-4B38-A41F-7FE20FE94719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73A43D26-5A60-4406-9804-09116E3CE3EF} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Update" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C747F3-BC68-49F4-955A-9FF400E8843F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C747F3-BC68-49F4-955A-9FF400E8843F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7435C672-531A-42D7-BBEE-2BE1C3EE4130} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_AutoDefrag" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoDefrag => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A3B3383-4770-47A3-B2C5-257870FD26B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3B3383-4770-47A3-B2C5-257870FD26B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-499928188-2534183837-3826530114-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{815BC4D0-5C7B-4D53-BD82-850C3861FD15}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{815BC4D0-5C7B-4D53-BD82-850C3861FD15}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DD0A91-9FD9-4FDC-8158-0655654BDF56} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BBAA26-7F9A-468F-9CBE-E26A0991040E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BBAA26-7F9A-468F-9CBE-E26A0991040E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BFBACC-BCEE-4D4A-B494-10AFAACE5552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BFBACC-BCEE-4D4A-B494-10AFAACE5552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9828A957-8238-42C0-BF6B-2F4F5A3B6067}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9828A957-8238-42C0-BF6B-2F4F5A3B6067}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CC4EC3-C0D2-4141-A82D-D28F28786A37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CC4EC3-C0D2-4141-A82D-D28F28786A37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60C963D-DC48-4FD7-86D1-21F55555617E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Startup" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B74EEF3C-E8A2-4EC5-873C-05797CE03C4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B74EEF3C-E8A2-4EC5-873C-05797CE03C4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B774E650-7E9F-41B5-8429-720E0B978130}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B774E650-7E9F-41B5-8429-720E0B978130}" => removed successfully
C:\WINDOWS\System32\Tasks\IObitSelfCheckTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObitSelfCheckTask" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} => could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D01F8DEE-0DE0-4A9D-9DC0-0A720646123E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D01F8DEE-0DE0-4A9D-9DC0-0A720646123E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-499928188-2534183837-3826530114-1001" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5D6E42-21A9-4984-A7BD-F62EE517F812} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCBE7A24-E835-461A-AA35-96FBAFF044ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCBE7A24-E835-461A-AA35-96FBAFF044ED}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF186096-F392-402A-ACE3-F1E7035DD0B4} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\ASC11_SkipUac_Greg" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_Greg => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E016F071-0B13-493C-8EBE-F44DF99443DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E016F071-0B13-493C-8EBE-F44DF99443DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE11B49E-3376-4B40-BCB1-7AE72AEF972A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE11B49E-3376-4B40-BCB1-7AE72AEF972A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => moved successfully
C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001.job => moved successfully
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888.job" => not found
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510.job" => not found
C:\ProgramData\Temp => ":9DD812F4" ADS removed successfully
C:\ProgramData\Temp => ":D31D1159" ADS removed successfully
C:\ProgramData\Temp => ":EEDA5B17" ADS removed successfully
C:\Users\Greg\Downloads\ashampoo_snap_9_e9.0.5_sm.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\BackuperyForGMail_5.0.224.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\ccsetup523.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\CintaNotes_3_4_Setup.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\DWS_Lite.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_2_84_Deluxe.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_3_15_Beta.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\Install_AllMyNotes_3_16_Deluxe.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\KeyScrambler_Setup.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\LeadGenerationMagic.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\save2pc_full.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\save2pc_ult.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\sosint.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\sosintwr.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\SUPERAntiSpywarePro.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\torbrowser-install-6.0.5_en-US.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\torbrowser-install-6.0.6_en-US.exe => ":BDU" ADS removed successfully
C:\Users\Greg\Downloads\tskmgr-single-user-20-20.exe => ":BDU" ADS removed successfully
C:\Users\Greg\AppData\Local\desktop.ini => ":07a19238af92db80fe9045ca73c7a84e" ADS removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AVG-Secure-Search-Update_0615piz" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0615piz" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SharewareOnSale Notifier" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SharewareOnSale Notifier" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Windscribe" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windscribe" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WeatherBuddy" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy" => not found
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}\\SystemComponent" => removed successfully
"HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f1ba6611-16fa-402f-b96c-659c8cf67e1a}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E3A1F8F-C363-4867-ADBD-8FF780DE9322}\\SystemComponent" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /all =========


Windows IP Configuration

   Host Name . . . . . . . . . . . . : downstair-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telus

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-46-A0-A0-B8-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:56a:75a2:f300:810e:14d:aa39:81eb(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:56a:75a2:f300:2548:f7b5:262d:f98d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::810e:14d:aa39:81eb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : March 3, 2018 9:29:56 PM
   Lease Expires . . . . . . . . . . : March 4, 2018 9:29:54 PM
   Default Gateway . . . . . . . . . : fe80::1278:5bff:fedb:4da0%5
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 359667851
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F0-FA-69-74-46-A0-A0-B8-50
   DNS Servers . . . . . . . . . . . : 2001:568:ff09:10c::53
                                       2001:568:ff09:10a::114
                                       192.168.1.254
                                       75.153.171.114
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 70-18-8B-56-55-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

========= End of CMD: =========


========= netstat -rn =========

===========================================================================
Interface List
 15...74 46 a0 a0 b8 50 ......Realtek PCIe GBE Family Controller
 12...70 18 8b 56 55 35 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...70 18 8b 56 55 33 ......Ralink RT3290 802.11bgn Wi-Fi Adapter
  3...70 18 8b 56 55 34 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.71     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.71    311
     192.168.1.71  255.255.255.255         On-link      192.168.1.71    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.71    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.71    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.71    311
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    157.56.121.89  255.255.255.255         On-link        1
   157.55.133.204  255.255.255.255         On-link        1
    157.55.129.21  255.255.255.255         On-link        1
     77.67.29.176  255.255.255.255         On-link        1
     65.52.108.33  255.255.255.255         On-link        1
     23.57.107.27  255.255.255.255         On-link        1
    23.57.107.163  255.255.255.255         On-link        1
    23.57.101.163  255.255.255.255         On-link        1
      65.55.39.10  255.255.255.255         On-link        1
     23.223.20.82  255.255.255.255         On-link        1
       2.22.61.66  255.255.255.255         On-link        1
       2.22.61.43  255.255.255.255         On-link        1
     157.56.96.54  255.255.255.255         On-link        1
    157.56.124.87  255.255.255.255         On-link        1
   157.56.106.189  255.255.255.255         On-link        1
   157.55.240.220  255.255.255.255         On-link        1
     104.96.147.3  255.255.255.255         On-link        1
   137.117.235.16  255.255.255.255         On-link        1
    137.116.81.24  255.255.255.255         On-link        1
   111.221.29.253  255.255.255.255         On-link        1
     65.55.252.71  255.255.255.255         On-link        1
     65.55.252.63  255.255.255.255         On-link        1
    65.55.138.186  255.255.255.255         On-link        1
    65.55.138.126  255.255.255.255         On-link        1
    65.55.138.114  255.255.255.255         On-link        1
     65.55.108.23  255.255.255.255         On-link        1
     65.52.108.29  255.255.255.255         On-link        1
   134.170.115.60  255.255.255.255         On-link        1
     65.52.100.94  255.255.255.255         On-link        1
     65.52.100.93  255.255.255.255         On-link        1
   111.221.29.177  255.255.255.255         On-link        1
   134.170.185.70  255.255.255.255         On-link        1
     65.52.100.92  255.255.255.255         On-link        1
     65.52.100.91  255.255.255.255         On-link        1
      65.52.100.9  255.255.255.255         On-link        1
      65.52.100.7  255.255.255.255         On-link        1
     65.52.100.11  255.255.255.255         On-link        1
    65.39.117.230  255.255.255.255         On-link        1
       64.4.6.100  255.255.255.255         On-link        1
       64.4.54.32  255.255.255.255         On-link        1
   134.170.30.202  255.255.255.255         On-link        1
  134.170.165.248  255.255.255.255         On-link        1
       64.4.54.22  255.255.255.255         On-link        1
  134.170.165.253  255.255.255.255         On-link        1
    23.218.212.69  255.255.255.255         On-link        1
      23.99.10.11  255.255.255.255         On-link        1
      23.102.21.4  255.255.255.255         On-link        1
   212.30.134.205  255.255.255.255         On-link        1
   212.30.134.204  255.255.255.255         On-link        1
   207.68.166.254  255.255.255.255         On-link        1
    207.46.223.94  255.255.255.255         On-link        1
    207.46.114.58  255.255.255.255         On-link        1
     65.55.29.238  255.255.255.255         On-link        1
    207.46.101.29  255.255.255.255         On-link        1
    131.253.40.37  255.255.255.255         On-link        1
    191.232.139.2  255.255.255.255         On-link        1
   204.79.197.200  255.255.255.255         On-link        1
  191.237.208.126  255.255.255.255         On-link        1
    191.232.80.62  255.255.255.255         On-link        1
    191.232.80.58  255.255.255.255         On-link        1
  191.232.139.254  255.255.255.255         On-link        1
   168.63.108.233  255.255.255.255         On-link        1
     157.56.91.77  255.255.255.255         On-link        1
     65.55.252.93  255.255.255.255         On-link        1
     65.55.252.92  255.255.255.255         On-link        1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    311 ::/0                     fe80::1278:5bff:fedb:4da0
  1    331 ::1/128                  On-link
  5    311 2001:56a:75a2:f300::/64  On-link
  5    311 2001:56a:75a2:f300:2548:f7b5:262d:f98d/128
                                    On-link
  5    311 2001:56a:75a2:f300:810e:14d:aa39:81eb/128
                                    On-link
  5    311 fe80::/64                On-link
  5    311 fe80::810e:14d:aa39:81eb/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-03-2018 21:36:52)

C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully
C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully
C:\Users\Greg\AppData\Roaming\betterds => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009D2F73-CB2B-48FF-BB05-45C7385E6DFE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344E6A63-9C3F-4228-9675-EA03C371FADC} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFC5EAF-7A4C-4724-BE5A-8C973C7DAC0E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C559E6D-1DFA-418B-8C07-E17E1E3B15E2} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63ECBF51-14A0-40B7-989D-E2F89ADE1F4A} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 2c5b904e-9009-43cf-a70f-36ef66ad1888 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73A43D26-5A60-4406-9804-09116E3CE3EF} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7435C672-531A-42D7-BBEE-2BE1C3EE4130} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoDefrag => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DD0A91-9FD9-4FDC-8158-0655654BDF56} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ac777434-8fb9-4331-94aa-a96696ad8510 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60C963D-DC48-4FD7-86D1-21F55555617E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCDD67A9-A4E4-4788-B0F0-9766F3A12F59} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5D6E42-21A9-4984-A7BD-F62EE517F812} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF186096-F392-402A-ACE3-F1E7035DD0B4} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_Greg => could not remove. Access Denied.

==== End of Fixlog 21:36:53 ====


  • 0

#5
gnrook
Posted 03 March 2018 - 11:09 PM

gnrook

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Sorry

Here is my ADWcleaner log after i did the clean

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 04 05:04:11 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Greg\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Greg\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Greg\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Greg\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\All Users\Auslogics


***** [ Files ] *****

Deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myeasylifestyle.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\CoinisRevShare
Deleted: [Key] - HKCU\Software\CoinisRevShare
Deleted: [Key] - HKLM\SOFTWARE\MaxPower
Deleted: [Key] - HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\ELLS LLC
Deleted: [Key] - HKCU\Software\ELLS LLC
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
Deleted: [Value] - HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iobit-malware-fighter.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\video-downloadhelper.en.softonic.com
Deleted: [Key] - HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\win
Deleted: [Key] - HKCU\Software\win
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

Plugin deleted: IObit Surfing Protection & Ads Removal -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [12665 B] - [2018/2/27 7:14:42]
C:/AdwCleaner/AdwCleaner[S1].txt - [10023 B] - [2018/3/4 4:58:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


  • 0

#6
gnrook
Posted 03 March 2018 - 11:19 PM

gnrook

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here are my new FRST and addition logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Greg (administrator) on DOWNSTAIR-PC (03-03-2018 22:11:17)
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(QILING Tech Co., Ltd.) C:\Program Files\QILING\Disk Master\DmAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(QILING Tech Co., Ltd.) C:\Program Files\QILING\Disk Master\DiskMasterUI.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
() C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe
(FastPcTools) C:\Program Files (x86)\FastPcTools\Fast VD\FastVD.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Wargaming.net) C:\Games\World_of_Warships\WargamingGameUpdater.exe
(Gaijin Entertainment) C:\Users\Greg\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\SteganosBrowserMonitor.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\Notifier.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 18\fredirstarter.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [Disk Master] => C:\Program Files\QILING\Disk Master\DiskMasterUI.exe [3182904 2018-02-05] (QILING Tech Co., Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 18\SteganosHotKeyService.exe [124416 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 18\SteganosBrowserMonitor.exe [1131040 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 Notifier] => C:\Program Files (x86)\Steganos Safe 18\Notifier.exe [4196848 2016-10-27] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE18 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 18\fredirstarter.exe [23040 2016-10-27] (Steganos Software GmbH)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AllMyNotes] => C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe [5286424 2017-11-28] (Vladonai Software (hxxp://www.vladonai.com))
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Winsplit] => C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe [3951616 2011-04-12] ()
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe [7439264 2017-04-11] (Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19959616 2015-08-24] (NGWIN)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [FastVD] => C:\Program Files (x86)\FastPcTools\Fast VD\FastVD.exe [1595096 2018-03-02] (FastPcTools)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3140384 2018-01-25] (Wargaming.net)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Greg\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-22] (Gaijin Entertainment)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2016-11-28]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk [2015-02-25]
ShortcutTarget: PHOTOfunSTUDIO 5.0 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C-Organizer Pro.lnk [2016-10-08]
ShortcutTarget: C-Organizer Pro.lnk -> C:\Program Files (x86)\C-Organizer Pro\C-OrganizerPro.exe ()
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2018-03-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{3045b6d4-f94a-4450-bd97-44f9c92d4939}: [NameServer] 18.218.252.15
Tcpip\..\Interfaces\{4a135f89-e3f7-4c98-89e5-66c7f884ac85}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{d72ebcf0-adec-4cd2-a6e1-78b29c10e73e}: [NameServer] 18.218.252.15
Tcpip\..\Interfaces\{e8486528-ddac-4e2e-9950-51235e50d8d0}: [NameServer] 18.218.252.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM-x32 -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_coinisre_18_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtByEzztN1L2XzuyEtFtBtCtFtDtFtCtByEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyC0B0D0DtCyDyCtGtCtDzzyBtGzztC0ByEtGtDzz0BtDtG0D0FyDyDtDyDyEzzyBtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCzyyBtDtAzyyCzz%26cr%3D603396005%26a%3Dwbf_coinisre_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {25F5DADE-C273-4850-874A-8BAD7C61E75F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_coinisre_18_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEyEyC0AtD0AtD0BzzyDtDyE0ByByEtN0D0Tzu0StBtByEzztN1L2XzuyEtFtBtCtFtDtFtCtByEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyC0B0D0DtCyDyCtGtCtDzzyBtGzztC0ByEtGtDzz0BtDtG0D0FyDyDtDyDyEzzyBtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0Azzzz0F0AyBtGtC0Azz0EtGyEyD0B0EtGzz0F0BzztGtBtCyEtDzyzztC0B0EyC0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCzyyBtDtAzyyCzz%26cr%3D603396005%26a%3Dwbf_coinisre_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=32420&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-03] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-09-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-499928188-2534183837-3826530114-1001 -> No Name - {8423B544-3BF6-46E6-9DA0-EAA938D7D068} -  No File
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-05-05] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2014-11-22] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: jels045n.default-1519735298280
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\jels045n.default-1519735298280 [2018-03-03]
FF NetworkProxy: Mozilla\Firefox\Profiles\jels045n.default-1519735298280 -> type", 4
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\jels045n.default-1519735298280\Extensions\[email protected] [2017-10-18]
FF Extension: (Video DownloadHelper) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\jels045n.default-1519735298280\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-02-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Greg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Greg\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-28] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-499928188-2534183837-3826530114-1001: hp.com/HPDetect -> C:\Users\Greg\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?cobrand=hp13.msn.com&ocid=HPCDHP&pc=HPD"
CHR NewTab: Default ->  Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default [2018-03-03]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-10-10]
CHR Extension: (Avast Passwords) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-01-31]
CHR Extension: (iCloud Bookmarks) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-14]
CHR Extension: (Skype) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-25]
CHR Extension: (Norton Safe) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-26]
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Greg\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-24]
CHR HKU\S-1-5-21-499928188-2534183837-3826530114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-26] (CyberLink)
R2 DmAgent; C:\Program Files\QILING\Disk Master\DmAgent.exe [67384 2018-02-05] (QILING Tech Co., Ltd.)
S3 ExpressAccountsService; C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [3380304 2015-03-28] (NCH Software)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2631760 2014-12-25] (NCH Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [2081336 2014-08-16] (NCH Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-10-20] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 VssProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{278373C1-96D4-4875-BB38-E42D4D162BAE}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-02-26] (CPUID)
R3 debutfilter; C:\WINDOWS\system32\DRIVERS\debutfilterx64.sys [34512 2014-11-18] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 diskbckp; C:\WINDOWS\System32\drivers\diskbckp.sys [45368 2018-02-05] (QILING Tech Co., Ltd.)
R3 dvdfab; C:\WINDOWS\system32\drivers\dvdfab.sys [82904 2015-11-06] (Windows ® Win 7 DDK provider)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2017-05-16] (Highresolution Enterprises [www.highrez.co.uk])
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2707c70d42c54b4e\nvlddmkm.sys [17036560 2018-02-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
R1 SLEE_19_DRIVER; C:\WINDOWS\Sleen1964.sys [117848 2014-10-24] (Softwareentwicklung Remus - ArchiCrypt - )
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162360 2015-12-22] (Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [34512 2014-10-23] ()
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.)
R3 vDisk; C:\WINDOWS\System32\drivers\vDisk.sys [256312 2018-02-05] (QILING Tech Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-03 22:11 - 2018-03-03 22:12 - 000030561 _____ C:\Users\Greg\Desktop\FRST.txt
2018-03-03 21:46 - 2018-03-03 21:46 - 008222496 _____ (Malwarebytes) C:\Users\Greg\Downloads\AdwCleaner.exe
2018-03-03 21:34 - 2018-03-03 21:55 - 000000000 ____D C:\Users\Greg\Desktop\FRST-OlderVersion
2018-03-03 21:34 - 2018-03-03 21:36 - 000060904 _____ C:\Users\Greg\Desktop\Fixlog.txt
2018-03-03 21:34 - 2018-03-03 21:34 - 002403328 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2018-03-03 21:32 - 2018-03-03 21:32 - 000039040 ____R C:\Users\Greg\Desktop\fixlist.txt
2018-03-03 21:19 - 2018-03-03 21:19 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-03-03 21:01 - 2018-03-03 21:01 - 000001220 _____ C:\Users\Public\Desktop\Fast Video Downloader.lnk
2018-03-01 04:41 - 2018-03-01 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint 7
2018-03-01 04:41 - 2018-03-01 04:41 - 000000000 ____D C:\Program Files\Inpaint7
2018-03-01 04:40 - 2018-03-01 04:40 - 000000000 ____D C:\Users\Greg\Inpaint
2018-03-01 00:58 - 2018-03-02 01:47 - 000000000 ____D C:\Users\Greg\Documents\Six Figure Mentors
2018-02-28 17:34 - 2018-02-28 17:34 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2018-02-28 17:34 - 2018-02-28 17:34 - 000001174 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2018-02-28 05:34 - 2018-02-28 05:34 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 00:44 - 2018-03-02 23:58 - 000000000 ____D C:\Users\Greg\Documents\Ithrive
2018-02-27 23:39 - 2018-03-02 01:43 - 000000000 ____D C:\Users\Greg\Documents\The Real Skinny
2018-02-27 21:34 - 2018-02-27 21:34 - 000000000 ___HD C:\$SysReset
2018-02-27 06:07 - 2018-02-27 06:07 - 000718220 _____ C:\Users\Greg\Downloads\video_downloadhelper-7.2.0-an+fx (3).xpi
2018-02-27 05:58 - 2018-02-27 05:58 - 000718220 _____ C:\Users\Greg\Downloads\video_downloadhelper-7.2.0-an+fx (2).xpi
2018-02-27 05:58 - 2018-02-27 05:58 - 000718220 _____ C:\Users\Greg\Downloads\video_downloadhelper-7.2.0-an+fx (1).xpi
2018-02-27 05:55 - 2018-02-27 05:56 - 000718220 _____ C:\Users\Greg\Downloads\video_downloadhelper-7.2.0-an+fx.xpi
2018-02-27 05:50 - 2018-02-27 05:50 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (4).exe
2018-02-27 05:47 - 2018-02-27 05:47 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (3).exe
2018-02-27 05:46 - 2018-02-27 05:46 - 038670696 _____ (DownloadHelper ) C:\Users\Greg\Downloads\VdhCoAppSetup-1.1.3 (1).exe
2018-02-27 00:21 - 2018-02-28 05:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-27 00:19 - 2018-02-27 00:21 - 081726176 _____ (Malwarebytes ) C:\Users\Greg\Downloads\mb3-setup-adwc.adwc100.3.3.1.2183.exe
2018-02-27 00:19 - 2018-02-27 00:19 - 008222496 _____ (Malwarebytes) C:\Users\Greg\Downloads\adwcleaner_7.0.8.0.exe
2018-02-27 00:13 - 2018-03-03 22:04 - 000000000 ____D C:\AdwCleaner
2018-02-27 00:12 - 2018-02-27 00:12 - 008222496 _____ (Malwarebytes) C:\Users\Greg\Desktop\adwcleaner_7.0.8.0.exe
2018-02-26 22:58 - 2018-02-26 22:58 - 002403328 _____ (Farbar) C:\Users\Greg\Downloads\FRST64 (1).exe
2018-02-26 22:33 - 2018-02-26 23:00 - 000084848 _____ C:\Users\Greg\Downloads\Addition.txt
2018-02-26 22:32 - 2018-03-03 22:11 - 000000000 ____D C:\FRST
2018-02-26 22:32 - 2018-02-26 23:00 - 000083943 _____ C:\Users\Greg\Downloads\FRST.txt
2018-02-26 22:05 - 2018-02-26 22:06 - 042627704 _____ (IObit ) C:\Users\Greg\Downloads\IObit-Malware-Fighter-Setup (1).exe
2018-02-26 21:02 - 2018-02-26 21:02 - 000000000 ____D C:\Users\Greg\AppData\Local\Notepad++
2018-02-26 20:59 - 2018-02-26 20:59 - 000002073 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Powered.lnk
2018-02-26 20:59 - 2018-02-26 20:59 - 000001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2018-02-26 20:25 - 2018-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-26 20:25 - 2018-02-27 05:51 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-26 20:25 - 2018-02-27 05:51 - 000001006 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-26 20:25 - 2018-02-27 05:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-26 20:24 - 2018-02-26 20:24 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (2).exe
2018-02-26 19:28 - 2018-02-26 19:28 - 000313520 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Installer (1).exe
2018-02-25 04:00 - 2018-02-25 04:00 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-24 19:35 - 2018-02-24 19:35 - 038670696 _____ (DownloadHelper ) C:\Users\Greg\Downloads\VdhCoAppSetup-1.1.3.exe
2018-02-23 21:35 - 2018-02-23 21:43 - 623138346 _____ C:\Users\Greg\Downloads\Autoimmune Secrets - Episode 03 [02-22-18] NEW - YouTube.mp4
2018-02-22 18:24 - 2018-02-22 18:24 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-499928188-2534183837-3826530114-1001
2018-02-22 18:23 - 2018-02-22 18:23 - 000002410 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-21 01:59 - 2018-02-21 01:59 - 000000000 ____D C:\Users\Greg\ansel
2018-02-21 01:13 - 2018-02-21 01:13 - 000000000 ____D C:\Users\Greg\AppData\Local\Gaijin
2018-02-21 01:13 - 2018-02-21 01:13 - 000000000 ____D C:\ProgramData\Gaijin
2018-02-21 01:12 - 2018-03-01 03:52 - 000000000 ____D C:\Users\Greg\AppData\Local\WarThunder
2018-02-21 01:12 - 2018-02-21 01:12 - 000002072 _____ C:\Users\Greg\Desktop\WarThunder.lnk
2018-02-21 01:12 - 2018-02-21 01:12 - 000000000 ____D C:\Users\Greg\Documents\My Games
2018-02-21 01:12 - 2018-02-21 01:12 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2018-02-21 01:11 - 2018-02-21 01:11 - 006351424 _____ (Gaijin Entertainment ) C:\Users\Greg\Downloads\wt_launcher_1.0.3.72.exe
2018-02-21 01:08 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2018-02-21 01:08 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2018-02-21 01:08 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-02-21 01:08 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2018-02-21 01:07 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2018-02-21 01:07 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2018-02-21 01:07 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2018-02-21 01:07 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2018-02-21 01:07 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2018-02-21 01:07 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-02-21 01:07 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-02-21 01:07 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-02-21 01:07 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-02-21 01:07 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-02-21 01:07 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-02-21 01:07 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-02-21 01:07 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-02-21 01:07 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-02-21 01:07 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-02-21 01:07 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-02-21 01:07 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-02-21 01:07 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-02-21 01:07 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-02-21 01:07 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-02-21 01:07 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-02-21 01:07 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-02-21 01:07 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-02-21 01:07 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-02-21 01:07 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-02-21 01:07 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-02-21 01:07 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-02-21 01:07 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-02-21 01:07 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-02-21 01:07 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-02-21 01:07 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-02-21 01:07 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-02-21 01:07 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-02-21 01:07 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-02-21 01:07 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-02-21 01:07 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-02-21 01:07 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-02-21 01:07 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-02-21 01:07 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-02-21 01:07 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-02-21 01:07 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-02-21 01:07 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-02-21 01:07 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-02-21 01:07 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-02-21 01:07 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-02-21 01:07 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-02-21 01:07 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-02-21 01:07 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-02-21 01:07 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-02-21 01:07 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-02-21 01:07 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-02-21 01:07 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-02-21 01:07 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-02-21 01:07 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-02-21 01:07 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-02-21 01:07 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-02-21 01:07 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-02-21 01:07 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-02-21 01:07 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-02-21 01:07 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-02-21 01:07 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-02-21 01:07 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-02-21 01:07 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-02-21 01:07 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-02-21 01:07 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-02-21 01:07 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-02-21 01:07 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-02-21 01:07 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-02-21 01:07 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-02-21 01:07 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-02-21 01:07 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-02-21 01:07 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-02-21 01:07 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-02-21 01:07 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-02-21 01:07 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-02-21 01:07 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-02-21 01:07 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-02-21 01:07 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-02-21 01:07 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-02-21 01:04 - 2018-02-21 01:08 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-02-21 01:04 - 2018-02-21 01:04 - 000000855 _____ C:\Users\Greg\Desktop\World of Warships.lnk
2018-02-21 01:04 - 2018-02-21 01:04 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2018-02-21 01:04 - 2018-02-21 01:04 - 000000000 ____D C:\Games
2018-02-21 01:02 - 2018-02-21 01:02 - 005107312 _____ (Wargaming.net ) C:\Users\Greg\Downloads\WoWS_internet_install_na_bjing5a43w4c.exe
2018-02-19 23:33 - 2018-02-19 23:39 - 341189346 _____ C:\Users\Greg\Downloads\Anonymous Down The Deep Dark Web Documentary.mp4
2018-02-19 21:10 - 2018-02-19 21:32 - 557117396 _____ C:\Users\Greg\Downloads\How To Earn 6+ Figures Online.mp4
2018-02-18 05:05 - 2018-02-26 21:15 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-18 05:03 - 2018-02-18 05:03 - 011217568 _____ (Piriform Ltd) C:\Users\Greg\Downloads\ccsetup540.exe
2018-02-17 13:52 - 2018-03-03 21:20 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-17 13:52 - 2018-03-03 21:19 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-17 13:52 - 2018-02-17 13:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-02-17 13:44 - 2018-02-17 13:45 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Greg\Downloads\spybotsd-2.6.46.exe
2018-02-15 04:54 - 2018-02-15 04:54 - 000001026 _____ C:\Users\Public\Desktop\Disk Master Professional.lnk
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Master Professional
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\ProgramData\Disk Master
2018-02-15 04:54 - 2018-02-15 04:54 - 000000000 ____D C:\Program Files\QILING
2018-02-15 04:54 - 2018-02-05 22:06 - 000256312 _____ (QILING Tech Co., Ltd.) C:\WINDOWS\system32\Drivers\vDisk.sys
2018-02-15 04:54 - 2018-02-05 22:06 - 000045368 _____ (QILING Tech Co., Ltd.) C:\WINDOWS\system32\Drivers\diskbckp.sys
2018-02-15 04:52 - 2018-02-15 04:52 - 002294264 _____ C:\Users\Greg\Downloads\SharewareOnSale_Giveaway_QILING_Disk_Master_Professional_hub.exe
2018-02-13 16:15 - 2018-02-13 16:15 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-13 16:15 - 2017-12-18 19:51 - 000137200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-02-13 16:15 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-02-13 16:15 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-02-13 16:15 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-02-13 16:15 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-02-12 04:02 - 2018-02-12 04:02 - 002340600 _____ C:\Users\Greg\Downloads\SharewareOnSale_Giveaway_CintaNotes_PRO_hub.exe
2018-02-12 04:02 - 2018-02-12 04:02 - 000001111 _____ C:\Users\Public\Desktop\CintaNotes.lnk
2018-02-12 00:03 - 2018-02-12 00:04 - 038911168 ____N C:\Users\Greg\Downloads\vlc-3.0.0-win32.exe
2018-02-09 01:08 - 2018-02-09 01:09 - 013739246 _____ C:\Users\Greg\Downloads\w_wile255.pdf
2018-02-09 01:08 - 2018-02-09 01:09 - 013739246 _____ C:\Users\Greg\Downloads\w_wile255 (1).pdf
2018-02-07 02:08 - 2018-02-05 19:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-07 02:08 - 2018-02-05 19:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 00:37 - 2018-02-07 00:37 - 000000000 ____D C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-02-06 23:47 - 2018-02-06 23:49 - 000000000 ____D C:\Users\Greg\Dr. Bergman
2018-02-06 17:25 - 2018-02-06 17:25 - 006165504 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-02-04 17:35 - 2018-02-04 17:35 - 000003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517790891
2018-02-04 17:35 - 2018-02-04 17:35 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Opera Software
2018-02-04 17:35 - 2018-02-04 17:35 - 000000000 ____D C:\Users\Greg\AppData\Local\Opera Software
2018-02-04 17:35 - 2018-02-04 17:34 - 000001169 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2018-02-04 17:35 - 2018-02-04 17:34 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-02-04 17:34 - 2018-02-27 00:44 - 000000000 ____D C:\Program Files\Opera
2018-02-04 17:33 - 2018-02-04 17:33 - 001269688 _____ (Opera Software) C:\Users\Greg\Downloads\OperaSetup.exe
2018-02-04 12:44 - 2018-02-04 12:45 - 197398752 _____ C:\Users\Greg\Downloads\Q & A with Ty & Charlene Bollinger Part 2 - The Truth About .mp4
2018-02-03 23:36 - 2018-02-03 23:36 - 026590655 _____ C:\Users\Greg\Downloads\Memory Stimulator Main VSL.mp4
2018-02-02 01:04 - 2018-02-02 01:31 - 290809909 _____ C:\Users\Greg\Downloads\Mom Alexis Fawx in Yellow Panties [bleep]s Son - Pornhub.com.mp4
2018-02-01 19:58 - 2018-02-07 21:39 - 000000000 ____D C:\Users\Greg\Documents\LiveLongerFeelBetter
2018-02-01 18:50 - 2018-02-01 19:03 - 000000000 ____D C:\Users\Greg\Documents\TheBankersSecret
2018-02-01 13:14 - 2018-02-01 13:14 - 036357664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2018-02-01 13:14 - 2018-02-01 13:14 - 029389768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2018-02-01 13:14 - 2018-02-01 13:14 - 017036560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2018-02-01 13:13 - 2018-02-01 13:13 - 001690952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000991744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000942024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-02-01 13:13 - 2018-02-01 13:13 - 000235432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-02-01 13:13 - 2018-02-01 13:13 - 000054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 040246304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 004210536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 003624960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001998792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438873.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001683400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438873.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001109776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-02-01 13:12 - 2018-02-01 13:12 - 001041352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-02-01 13:11 - 2018-02-01 13:11 - 035166664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 023482944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 019218440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 013377544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-02-01 13:10 - 2018-02-01 13:10 - 010985720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-02-01 13:09 - 2018-02-01 13:09 - 001154256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-02-01 13:09 - 2018-02-01 13:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 014000816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 011896592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 004533664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-02-01 13:08 - 2018-02-01 13:08 - 003859632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-02-01 08:44 - 2018-02-01 08:44 - 000048510 _____ C:\WINDOWS\system32\nvinfo.pb
2018-02-01 08:44 - 2018-02-01 08:44 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2018-02-01 08:44 - 2018-02-01 08:44 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2018-02-01 04:04 - 2018-02-01 04:12 - 000000000 ____D C:\Users\Greg\Documents\Steganos Safe
2018-02-01 04:03 - 2018-02-01 04:03 - 000001123 _____ C:\Users\Public\Desktop\Steganos Safe.lnk
2018-02-01 04:03 - 2018-02-01 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 18
2018-02-01 04:03 - 2018-02-01 04:03 - 000000000 ____D C:\Program Files (x86)\Steganos Safe 18
2018-02-01 04:02 - 2018-02-01 04:02 - 000000000 ____D C:\Users\Greg\SteganosSafe18

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-03 22:12 - 2018-01-14 02:14 - 001272858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-03 22:09 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-03 22:07 - 2016-11-16 03:24 - 000000000 ____D C:\Users\Greg\AppData\LocalLow\Mozilla
2018-03-03 22:05 - 2018-01-14 02:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-03 22:05 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2018-03-03 22:05 - 2016-11-20 04:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-03 22:05 - 2016-11-20 04:12 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2018-03-03 22:04 - 2017-09-29 01:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-03 22:04 - 2016-11-23 03:55 - 000000000 ____D C:\ProgramData\IObit
2018-03-03 22:04 - 2014-11-16 23:31 - 000000000 ____D C:\WINDOWS\system32\log
2018-03-03 22:03 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-03 22:03 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-03 22:03 - 2016-11-23 03:55 - 000000000 ____D C:\Users\Greg\AppData\LocalLow\IObit
2018-03-03 22:03 - 2016-11-23 03:54 - 000000000 ____D C:\Users\Greg\AppData\Roaming\IObit
2018-03-03 22:01 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-03 21:26 - 2016-11-22 02:53 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WowApp
2018-03-03 21:25 - 2017-07-07 03:47 - 000000000 ____D C:\Program Files (x86)\Windscribe
2018-03-03 21:24 - 2016-11-01 21:43 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-03 21:01 - 2018-01-03 03:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast VD
2018-03-03 21:00 - 2018-01-03 03:54 - 000000000 ____D C:\Users\Greg\AppData\Local\FastVD
2018-03-03 20:52 - 2016-11-23 03:55 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-03 20:42 - 2018-01-14 02:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-03 00:28 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-03 00:27 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-03 00:25 - 2013-10-09 14:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-02 05:51 - 2016-11-23 03:55 - 000000000 ____D C:\ProgramData\ProductData
2018-03-02 01:48 - 2014-01-14 01:21 - 000000000 ____D C:\Users\Greg\AppData\Roaming\vlc
2018-03-02 01:44 - 2014-09-18 19:31 - 000000000 ____D C:\Users\Greg\Documents\DVDFab Media Player
2018-03-01 22:12 - 2016-12-18 19:45 - 000000000 ____D C:\Users\Greg\Documents\Essential Oils - Ancient Medicine
2018-03-01 04:40 - 2018-01-14 02:15 - 000000000 ____D C:\Users\Greg
2018-02-28 22:26 - 2016-09-03 21:15 - 000000000 ____D C:\Users\Greg\dwhelper
2018-02-27 23:50 - 2013-12-21 14:44 - 000000000 ____D C:\Users\Greg\AppData\Local\ElevatedDiagnostics
2018-02-27 23:40 - 2014-06-05 22:51 - 000000000 ____D C:\Users\Greg\Documents\The Legends Network
2018-02-27 22:44 - 2015-12-13 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-27 21:21 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-27 20:51 - 2013-12-21 00:13 - 000001606 _____ C:\WINDOWS\ATREX.INI
2018-02-27 20:51 - 2013-12-21 00:13 - 000000000 ____D C:\ATREX
2018-02-27 05:41 - 2014-02-16 15:59 - 000000000 ___RD C:\Users\Greg\Desktop\Old Firefox Data
2018-02-27 00:37 - 2016-01-20 03:31 - 000000000 ____D C:\ProgramData\Ashampoo
2018-02-26 21:02 - 2016-01-17 23:09 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Notepad++
2018-02-26 21:02 - 2013-12-20 21:02 - 000000000 ____D C:\Users\Greg\AppData\Local\Adobe
2018-02-26 19:53 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-26 19:39 - 2018-01-14 02:16 - 000000000 ____D C:\Users\Greg\AppData\Local\Packages
2018-02-25 23:03 - 2015-11-22 23:07 - 000000000 ____D C:\Users\Greg\Documents\Health
2018-02-25 22:50 - 2017-12-06 21:59 - 000000000 ____D C:\Users\Greg\Documents\AutoImmune Secrets
2018-02-24 19:36 - 2017-11-14 23:47 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2018-02-22 18:56 - 2014-01-21 00:13 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 18:56 - 2014-01-21 00:13 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 18:23 - 2015-06-14 20:14 - 000000000 ___RD C:\Users\Greg\SkyDrive
2018-02-18 12:04 - 2016-07-25 20:46 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Apowersoft
2018-02-18 05:07 - 2014-01-05 02:26 - 000000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2018-02-18 05:05 - 2016-05-05 02:59 - 000000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-18 05:05 - 2016-05-05 02:59 - 000000000 ____D C:\Program Files\CCleaner
2018-02-17 19:49 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-17 19:49 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-17 01:27 - 2017-09-11 19:58 - 000073728 _____ C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-13 22:58 - 2017-11-02 22:40 - 000000000 ____D C:\Users\Greg\Documents\The Sacred Plant
2018-02-13 16:15 - 2016-11-20 04:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-13 16:15 - 2016-01-25 19:59 - 000000000 ____D C:\temp
2018-02-13 16:12 - 2016-11-20 04:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-13 16:12 - 2016-11-20 04:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-12 04:07 - 2018-01-12 22:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-12 04:02 - 2016-07-12 03:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CintaNotes
2018-02-12 04:02 - 2016-07-12 03:04 - 000000000 ____D C:\Program Files (x86)\CintaNotes
2018-02-12 00:07 - 2014-01-14 01:20 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-07 02:27 - 2018-01-24 23:22 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-06 00:11 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-05 00:37 - 2017-07-15 12:01 - 000000000 ____D C:\Users\Greg\Documents\TheTruthAboutVaccines
2018-02-04 12:43 - 2014-08-24 16:19 - 000000000 ____D C:\Users\Greg\AppData\Local\EvernoteNW
2018-02-01 04:04 - 2016-09-27 02:05 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Steganos

==================== Files in the root of some directories =======

2016-07-03 15:46 - 2016-07-03 15:46 - 000000876 _____ () C:\Users\Greg\exe.reg
2014-10-06 23:10 - 2014-11-17 02:12 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.1.txt
2014-10-06 23:10 - 2014-11-16 23:46 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.2.txt
2014-10-06 23:10 - 2014-10-23 23:23 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.3.txt
2014-10-06 23:10 - 2014-10-06 23:10 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.4.txt
2014-10-06 23:10 - 2014-11-18 01:40 - 000001167 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.txt
2014-10-06 23:10 - 2014-11-18 01:40 - 000000000 _____ () C:\Users\Greg\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-01-14 00:42 - 2014-08-20 20:34 - 000014336 _____ () C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-06 23:06 - 2016-11-06 23:06 - 000000337 _____ () C:\Users\Greg\AppData\Local\Perfmon.PerfmonCfg
2016-11-06 23:06 - 2017-11-04 18:06 - 000007605 _____ () C:\Users\Greg\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2016-10-25 01:39 - 2016-10-25 01:39 - 001008816 _____ () C:\Users\Greg\AppData\Local\Temp\notifiertmp914864.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-18 05:16

==================== End of FRST.txt ============================

 

 

NOw my addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Greg (03-03-2018 22:13:42)
Running from C:\Users\Greg\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2018-01-14 09:41:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-499928188-2534183837-3826530114-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-499928188-2534183837-3826530114-503 - Limited - Disabled)
Greg (S-1-5-21-499928188-2534183837-3826530114-1001 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-499928188-2534183837-3826530114-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-499928188-2534183837-3826530114-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Aiseesoft Screen Recorder 1.0.8 (HKLM-x32\...\{DD85E531-C84E-4247-B7A3-5F0C22D276DB}_is1) (Version: 1.0.8 - Aiseesoft Studio)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 3.21 - Vladonai Software)
Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AquaSoft DiaShow 7 Premium (HKLM-x32\...\{9FFC4C2D-374D-482B-AA58-67282CE23695}) (Version: 7.8.01 - AquaSoft) Hidden
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 9 (HKLM-x32\...\{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.40 - Ashampoo GmbH & Co. KG)
Asoftech Photo Recovery (HKLM-x32\...\{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}) (Version: 3.16 - )
Atrex (HKLM-x32\...\Atrex) (Version: 10.02 - Millennium Software, LLC)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.1.0 - Auslogics Labs Pty Ltd)
AVG (HKLM\...\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}) (Version: 16.91.7690 - AVG Technologies)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CintaNotes 3.11 (HKLM-x32\...\CintaNotes_is1) (Version:  - Cinta Software)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
C-Organizer Pro v 5.1.1 (HKLM-x32\...\C-Organizer Professional_is1) (Version:  - CSoftLab)
CrazyTalk Animator Standard (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2010.1 - Reallusion Inc.)
CSE HTML Validator Professional v16.05 (HKLM-x32\...\CSEHTMLVALIDATOR160_is1) (Version: 16.5.0.0 - AI Internet Solutions LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.6727.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Disk Master Professional version 4.3.7 (HKLM\...\{8213CE5C-49D8-45CC-98C1-7355D18995C5}_is1) (Version: 4.3.7 - QILING Tech Co., Ltd.)
DVDFab 8.2.3.0 (21/12/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.3.1.6 (19/09/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.4.3.8 - Fengtao Software Inc.)
DVDFab Passkey 8.2.5.5 (09/12/2015) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
Easy audio mixer 2.1.3 (HKLM-x32\...\EasyAudioMixer2_is1) (Version: 2.1.3 - G.F. Software)
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
Express Accounts Accounting Software (HKLM-x32\...\ExpressAccounts) (Version: 5.07 - NCH Software)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.04 - NCH Software)
Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.32 - NCH Software)
Fast VD 3.1.0.0 (HKLM-x32\...\9ED08AFF-E977-47db-8923-2499D74C97C5_Fast VD_is1) (Version: 3.1.0.0 - FastPcTools)
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Hardwipe 5.1.3 (HKLM\...\{AD3CFB60-96FC-4830-830B-7BC538132B04}) (Version: 5.1.3 - Big Angry Dog)
Helicon Filter 5.5.4 (HKLM-x32\...\Helicon Filter 5_is1) (Version:  - Helicon Soft Ltd.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HippoEDIT 1.60.44 (HKLM-x32\...\HippoEDIT) (Version: 1.60.44 - HippoEDIT.com)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Icecream Ebook Reader version 4.24 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 4.24 - Icecream Apps)
Icecream PDF Converter version 2.49 (HKLM-x32\...\{6811A286-E9F4-4035-9738-7721C087E500}_is1) (Version: 2.49 - Icecream Apps)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Inpaint 7.1 (HKLM\...\{5808866F-D115-46B2-8123-BB6801968101}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 3.58 - NCH Software)
iSyncr (HKLM-x32\...\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}) (Version: 5.1.6 - JRT Studio)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Kodi (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LeaderTask 11.1.1.2 (HKLM-x32\...\LeaderTask_is1) (Version:  - Organizer LeaderTask LLC)
LopeEdit (HKLM-x32\...\LopeEdit_is1) (Version: 5.6.3 - LopeSoft)
Manuals Finder (HKLM-x32\...\Manuals Finder) (Version: 1.0 - Manuals Finder)
Mediatek Bluetooth Stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.743.0 - Mediatek)
MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Opera Stable 50.0.2762.67 (HKLM-x32\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Peachtree Complete Accounting 2005 (HKLM-x32\...\InstallShield_{238E20DB-EF53-4388-9B97-2C9E45234D83}) (Version: 12.00.00 - Best Software SB, Inc)
PHOTO projects 3 (64-Bit) (HKLM\...\COLOR_PROJECTS_3_3_C935FDA1_is1) (Version: 3.34 - Franzis Verlag GmbH)
Photo Stamp Remover 9.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 9.0 - SoftOrbits)
PHOTOfunSTUDIO 5.0 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.320 - Panasonic Corporation)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.7 - NGWIN)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{8E5861CA-9B65-488B-972E-405AD03EBC7C}) (Version: 9.2.00 - Sony Corporation) Hidden
Privacy Protector for Windows 10 1.0 (HKLM-x32\...\Privacy Protector for Windows 10_is1) (Version: 1.0 - SoftOrbits)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanPapyrus (HKLM-x32\...\{D243A198-99BB-42A0-828E-98AE3F01D215}_is1) (Version: 16.11.2 - ScanPapyrus Team)
Simplenote 1.1.1 (HKLM-x32\...\e850fc3b-cc8a-5579-9299-32253cc2000f) (Version: 1.1.1 - Automattic, Inc.)
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Soft Organizer version 6.15 (HKLM-x32\...\Soft Organizer_is1) (Version: 6.15 - ChemTable Software)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3790 - SoftMaker Software GmbH)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - )
Steganos Safe 18 (HKLM-x32\...\{0A81476E-6553-443B-B34F-0BFE17ACAFFB}) (Version: 18.0.2 - Steganos Software GmbH)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task Manager 20-20 (HKLM-x32\...\Task Manager 20-20) (Version:  - )
TC Web Conferencing (HKLM-x32\...\{8EB39AA7-4019-4550-AF6C-BE51BB27B446}) (Version: 8.421 - Digitalweb)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.93332 - TeamViewer)
Total Network Monitor 2.1.0 build 4040 (HKLM-x32\...\Total Network Monitor 2_is1) (Version: 2.1.0.4040 - Softinventive Lab Inc.)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2016 (HKLM-x32\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Video Download Capture V6.0.4 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.0.4 - APOWERSOFT LIMITED)
Video Watermark Pro (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\VideoWatermarkPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.14 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.72 (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Watermark Software 8.2 (HKLM-x32\...\Watermark Software) (Version: 8.2 - watermark-software.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.12 - NCH Software)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinSplit Revolution (v11.04) (HKLM-x32\...\WinSplit Revolution) (Version: 11.04 - Raphael Lencrerot)
WinZip Self-Extractor (HKLM-x32\...\{98E8F5CD-4D07-4C66-992B-4BD3547C86AF}) (Version: 4.0.8672.0 - WinZip Computing, S.L.)
Wondershare Dr.Fone for Android(Build 6.5.0.12) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.5.0.12 - Wondershare Software Co.,Ltd.)
World of Warships (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WowTron PDF Page Organizer 1.1.1 (HKLM-x32\...\WowTron PDF Page Organizer 1.1.1) (Version: 1.1.1 - WowTron Software Co. Ltd.)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_EN_is1) (Version:  - ZONER software)
Zoom (HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499928188-2534183837-3826530114-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-07-28] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers2: [BigAngryDog_HWipe] -> {B0FFE529-A5D3-4ECE-91C0-9E3585C373D8} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2016-02-16] (Big Angry Dog)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 18\ShellExtension.dll [2014-08-27] ()
ContextMenuHandlers3: [BigAngryDog_HWipe] -> {8154B7C1-BB68-457C-931A-5BFABBA86CD9} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2016-02-16] (Big Angry Dog)
ContextMenuHandlers3: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 18\ShellExtension.dll [2014-08-27] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files (x86)\Zoom Player\zpshlext64.dll [2008-08-05] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-07-28] (AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C78C70-662D-4F6D-8810-35BF099881B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {0E1EE6F2-9E0A-4249-9154-EE969461CA27} - \Microsoft\Office\Office Automatic Updates -> No File <==== ATTENTION
Task: {0ED20C05-BF0A-4591-961B-AE402F022DDC} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {37CA121A-D5BB-4442-9655-F59890FC1AD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {39312CA7-DB5E-48F9-8417-7C960442F85F} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {3A0390A8-8F2D-4E5C-B5CC-6BC4030D0215} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {4C60F977-A1C6-4584-8F2F-C5C71191493D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {75D16A9D-9EDD-4356-BF2B-13D0FCA19B95} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {79B51D08-9D49-45D8-B5DF-A614547EEE0B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {7B108545-1B0E-47FE-B04D-B7494B15681D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {7C04B855-9F75-497E-944A-44084759A1E5} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [2014-08-16] (NCH Software)
Task: {805164EA-2AA3-425C-A1E8-6D149AB49B0D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-03] (Microsoft Corporation)
Task: {8BA49648-A0F0-4D90-88A9-C2BFB602C0C0} - System32\Tasks\G2MUploadTask-S-1-5-21-499928188-2534183837-3826530114-1001 => C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C3FFFA14-3E59-48D1-8A31-A6C362160402} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-03] (Microsoft Corporation)
Task: {D0DF5BC5-61BF-485E-9E7C-9DB48957E0A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DE5B7C63-0110-4A07-A95D-19E938677E2B} - System32\Tasks\Opera scheduled Autoupdate 1517790891 => C:\Program Files\Opera\launcher.exe [2018-01-21] (Opera Software)
Task: {FD92DBCA-D09B-4FBC-9C94-8DEA392D80A9} - System32\Tasks\G2MUpdateTask-S-1-5-21-499928188-2534183837-3826530114-1001 => C:\Users\Greg\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Greg\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro\Buy Video Watermark Pro on online.lnk -> hxxp:
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro\Video Watermark Pro on the web.lnk -> hxxp:

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-12 13:53 - 2011-04-12 13:53 - 000015360 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitHook64.DLL
2017-12-13 18:33 - 2017-12-13 18:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 18:33 - 2017-12-13 18:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-03 21:59 - 2018-03-03 22:00 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-03 21:59 - 2018-03-03 22:00 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2011-04-12 13:53 - 2011-04-12 13:53 - 003951616 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
2011-04-12 13:53 - 2011-04-12 13:53 - 000015872 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
2011-04-12 13:53 - 2011-04-12 13:53 - 000017920 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr64.exe
2011-04-12 13:53 - 2011-04-12 13:53 - 000013312 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitHook32.DLL
2011-04-12 13:53 - 2011-04-12 13:53 - 000011264 _____ () C:\Program Files (x86)\WinSplit Revolution\WinSplitLib.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-10-29 22:13 - 2017-04-11 15:10 - 000275152 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\CrashRpt1403.dll
2017-10-29 22:13 - 2017-04-11 15:10 - 000092368 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\MouseHook.dll
2013-10-09 14:05 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 22:53 - 2013-03-12 22:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-03-03 22:06 - 2018-03-03 22:06 - 000098816 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32api.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000110080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\pywintypes27.dll
2018-03-03 22:06 - 2018-03-03 22:06 - 000364544 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\pythoncom27.dll
2018-03-03 22:06 - 2018-03-03 22:06 - 000320512 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32com.shell.shell.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000914432 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_hashlib.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 001176576 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._core_.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000806400 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._gdi_.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000816128 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._windows_.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 001067008 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._controls_.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000733184 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._misc_.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000682496 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\pysqlite2._sqlite.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000088064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_ctypes.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000686080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\unicodedata.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000119808 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32file.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000108544 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32security.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000007168 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\hashobjs_ext.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000017920 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\thumbnails_ext.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000088064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\usb_ext.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000012800 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\common.time34.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000018432 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32event.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000167936 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32gui.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000046080 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_socket.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 001303552 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_ssl.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000128512 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_elementtree.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000127488 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\pyexpat.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000038912 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32inet.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000036864 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_psutil_windows.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000525208 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\windows._lib_cacheinvalidation.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000011264 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32crypt.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000123392 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._wizard.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000077312 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._html2.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000027648 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_multiprocessing.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000020480 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\_yappi.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000035840 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32process.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000078848 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\wx._animate.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000024064 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32pipe.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000010240 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\select.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000025600 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32pdh.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000017408 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32profile.pyd
2018-03-03 22:06 - 2018-03-03 22:06 - 000022528 ____R () C:\Users\Greg\AppData\Local\Temp\_MEI108082\win32ts.pyd
2013-12-21 15:30 - 2013-08-12 08:32 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-03-03 21:34 - 2018-03-03 21:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499928188-2534183837-3826530114-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: wlidsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "iSyncr.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 5.0 HD Edition.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\StartupFolder: => "C-Organizer Pro.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AllMyNotes"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "Skitch"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "DVDFab Passkey"
HKU\S-1-5-21-499928188-2534183837-3826530114-1001\...\StartupApproved\Run: => "WowApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{639ABA07-D07B-4BCE-8C2B-D94A95C759D5}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe
FirewallRules: [UDP Query User{CDC858AC-C080-4E71-B683-256D9895E591}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe
FirewallRules: [TCP Query User{24D577C9-E239-4496-AB9E-708D992E045D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{651A976A-347C-494A-A545-A3187A04F57A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0DED404C-F4DC-47E6-BF17-3C38AC5FE254}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{6758B403-CA70-4D33-8824-36C763E3C63F}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{A5D94479-CD5D-40DD-85D8-EFF567F3F94F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FBF1A908-A0F3-451D-9B8E-15F1E49B8F74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B559943A-36F1-4B1A-8791-F1691D2FF08D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5F90CE09-8E07-4449-9EB2-10E9C1773745}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F7F588DA-DED8-4F89-B2B0-3DC5DA67756F}C:\users\greg\appdata\local\warthunder\launcher.exe] => (Block) C:\users\greg\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{ACBD9EE8-ACDC-4EFE-A267-64C3F1D9E3F6}C:\users\greg\appdata\local\warthunder\launcher.exe] => (Block) C:\users\greg\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{CF3C1799-99DA-41C7-9554-05683622D93A}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{7ED3DDE8-232C-4289-802A-72744017F025}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe

==================== Restore Points =========================

26-02-2018 16:10:52 Scheduled Checkpoint
26-02-2018 21:49:07 Removed WeatherBuddy
03-03-2018 20:52:53 Removed Bonjour

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2018 10:03:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.16299.98, time stamp: 0xefd6d9e3
Faulting module name: combase.dll, version: 10.0.16299.15, time stamp: 0x3db461b4
Exception code: 0xc0000005
Fault offset: 0x00000000000b67f8
Faulting process id: 0x2284
Faulting application start time: 0x01d3b374b1d41bd8
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 9d2f5d25-a610-4028-afa0-36de472f4665
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2018 10:05:07 PM) (Source: sptd2) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/03/2018 10:04:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The pipe has been ended.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8147.35 MB
Available physical RAM: 5318.58 MB
Total Virtual: 13011.35 MB
Available Virtual: 10113.01 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.64 GB) (Free:129.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.61 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (SimpleDrive) (Fixed) (Total:298.09 GB) (Free:26.11 GB) NTFS
Drive g: (Cavalry) (Fixed) (Total:931.51 GB) (Free:60.96 GB) NTFS

\\?\Volume{4fc6d7a9-d295-4a16-8d77-3bdab76785a4}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.64 GB) NTFS
\\?\Volume{2c0bae54-7976-4b23-b7a6-5efdbacc5e98}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.31 GB) FAT32
\\?\Volume{0f32a574-36a9-406b-a1bd-087c02e752f8}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{825c3c32-9ad9-4625-95a6-1493accbe4d9}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F9B9E3C3)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 95B1D41A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7B794979)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#7
gnrook
Posted 03 March 2018 - 11:24 PM

gnrook

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

here is my MTB log

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Greg (administrator) on 03-03-2018 at 22:23:22
Running from "C:\Users\Greg\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 500-199 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Ralink RT3290 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=disabled dhcpmediasense=disabled
add route prefix=157.56.121.89/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.133.204/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.129.21/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=77.67.29.176/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.108.33/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.107.27/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.107.163/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.101.163/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.39.10/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.223.20.82/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=2.22.61.66/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=2.22.61.43/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.96.54/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.124.87/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.106.189/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.240.220/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=104.96.147.3/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=137.117.235.16/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=137.116.81.24/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=111.221.29.253/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.71/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.63/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.186/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.126/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.114/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.108.23/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.108.29/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.115.60/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.94/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.93/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=111.221.29.177/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.185.70/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.92/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.91/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.9/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.7/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.11/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.39.117.230/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.6.100/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.54.32/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.30.202/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.165.248/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.54.22/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.165.253/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.218.212.69/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.99.10.11/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.102.21.4/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=212.30.134.205/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=212.30.134.204/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.68.166.254/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.223.94/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.114.58/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.29.238/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.101.29/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=131.253.40.37/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.139.2/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=204.79.197.200/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.237.208.126/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.80.62/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.80.58/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.139.254/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=168.63.108.233/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.91.77/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.93/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.92/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled mtu=1500 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled mtu=1500 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled rabaseddnsconfig=disabled dhcpstaticipcoexistence=disabled
set interface interface="ethernet_4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : downstair-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telus

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-46-A0-A0-B8-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 70-18-8B-56-55-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:56a:75a2:f300:810e:14d:aa39:81eb(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:56a:75a2:f300:1096:df85:f7bd:fa5c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::810e:14d:aa39:81eb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : March 3, 2018 10:06:12 PM
   Lease Expires . . . . . . . . . . : March 4, 2018 10:06:11 PM
   Default Gateway . . . . . . . . . : fe80::1278:5bff:fedb:4da0%5
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 359667851
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F0-FA-69-74-46-A0-A0-B8-50
   DNS Servers . . . . . . . . . . . : 2001:568:ff09:10c::53
                                       2001:568:ff09:10a::114
                                       192.168.1.254
                                       75.153.171.114
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 70-18-8B-56-55-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  node-1w7jr9n24twqzs2cg5ed4tjkj.ipv6.telus.net
Address:  2001:568:ff09:10c::53

Name:    google.com
Addresses:  2607:f8b0:4009:80f::200e
      172.217.3.206


Pinging google.com [2607:f8b0:400a:809::200e] with 32 bytes of data:
Reply from 2607:f8b0:400a:809::200e: time=24ms
Reply from 2607:f8b0:400a:809::200e: time=22ms

Ping statistics for 2607:f8b0:400a:809::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 24ms, Average = 23ms
Server:  node-1w7jr9n24twqzs2cg5ed4tjkj.ipv6.telus.net
Address:  2001:568:ff09:10c::53

Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
      2001:4998:58:2201::73
      206.190.39.42
      98.139.180.180


Pinging yahoo.com [2001:4998:58:2201::73] with 32 bytes of data:
Reply from 2001:4998:58:2201::73: time=71ms
Reply from 2001:4998:58:2201::73: time=74ms

Ping statistics for 2001:4998:58:2201::73:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 74ms, Average = 72ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...74 46 a0 a0 b8 50 ......Realtek PCIe GBE Family Controller
 11...70 18 8b 56 55 35 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...70 18 8b 56 55 33 ......Ralink RT3290 802.11bgn Wi-Fi Adapter
  3...70 18 8b 56 55 34 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.71     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.71    311
     192.168.1.71  255.255.255.255         On-link      192.168.1.71    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.71    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.71    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.71    311
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    157.56.121.89  255.255.255.255         On-link        1
   157.55.133.204  255.255.255.255         On-link        1
    157.55.129.21  255.255.255.255         On-link        1
     77.67.29.176  255.255.255.255         On-link        1
     65.52.108.33  255.255.255.255         On-link        1
     23.57.107.27  255.255.255.255         On-link        1
    23.57.107.163  255.255.255.255         On-link        1
    23.57.101.163  255.255.255.255         On-link        1
      65.55.39.10  255.255.255.255         On-link        1
     23.223.20.82  255.255.255.255         On-link        1
       2.22.61.66  255.255.255.255         On-link        1
       2.22.61.43  255.255.255.255         On-link        1
     157.56.96.54  255.255.255.255         On-link        1
    157.56.124.87  255.255.255.255         On-link        1
   157.56.106.189  255.255.255.255         On-link        1
   157.55.240.220  255.255.255.255         On-link        1
     104.96.147.3  255.255.255.255         On-link        1
   137.117.235.16  255.255.255.255         On-link        1
    137.116.81.24  255.255.255.255         On-link        1
   111.221.29.253  255.255.255.255         On-link        1
     65.55.252.71  255.255.255.255         On-link        1
     65.55.252.63  255.255.255.255         On-link        1
    65.55.138.186  255.255.255.255         On-link        1
    65.55.138.126  255.255.255.255         On-link        1
    65.55.138.114  255.255.255.255         On-link        1
     65.55.108.23  255.255.255.255         On-link        1
     65.52.108.29  255.255.255.255         On-link        1
   134.170.115.60  255.255.255.255         On-link        1
     65.52.100.94  255.255.255.255         On-link        1
     65.52.100.93  255.255.255.255         On-link        1
   111.221.29.177  255.255.255.255         On-link        1
   134.170.185.70  255.255.255.255         On-link        1
     65.52.100.92  255.255.255.255         On-link        1
     65.52.100.91  255.255.255.255         On-link        1
      65.52.100.9  255.255.255.255         On-link        1
      65.52.100.7  255.255.255.255         On-link        1
     65.52.100.11  255.255.255.255         On-link        1
    65.39.117.230  255.255.255.255         On-link        1
       64.4.6.100  255.255.255.255         On-link        1
       64.4.54.32  255.255.255.255         On-link        1
   134.170.30.202  255.255.255.255         On-link        1
  134.170.165.248  255.255.255.255         On-link        1
       64.4.54.22  255.255.255.255         On-link        1
  134.170.165.253  255.255.255.255         On-link        1
    23.218.212.69  255.255.255.255         On-link        1
      23.99.10.11  255.255.255.255         On-link        1
      23.102.21.4  255.255.255.255         On-link        1
   212.30.134.205  255.255.255.255         On-link        1
   212.30.134.204  255.255.255.255         On-link        1
   207.68.166.254  255.255.255.255         On-link        1
    207.46.223.94  255.255.255.255         On-link        1
    207.46.114.58  255.255.255.255         On-link        1
     65.55.29.238  255.255.255.255         On-link        1
    207.46.101.29  255.255.255.255         On-link        1
    131.253.40.37  255.255.255.255         On-link        1
    191.232.139.2  255.255.255.255         On-link        1
   204.79.197.200  255.255.255.255         On-link        1
  191.237.208.126  255.255.255.255         On-link        1
    191.232.80.62  255.255.255.255         On-link        1
    191.232.80.58  255.255.255.255         On-link        1
  191.232.139.254  255.255.255.255         On-link        1
   168.63.108.233  255.255.255.255         On-link        1
     157.56.91.77  255.255.255.255         On-link        1
     65.55.252.93  255.255.255.255         On-link        1
     65.55.252.92  255.255.255.255         On-link        1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    311 ::/0                     fe80::1278:5bff:fedb:4da0
  1    331 ::1/128                  On-link
  5    311 2001:56a:75a2:f300::/64  On-link
  5    311 2001:56a:75a2:f300:1096:df85:f7bd:fa5c/128
                                    On-link
  5    311 2001:56a:75a2:f300:810e:14d:aa39:81eb/128
                                    On-link
  5    311 fe80::/64                On-link
  5    311 fe80::810e:14d:aa39:81eb/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [] ()
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/03/2018 10:03:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.16299.98, time stamp: 0xefd6d9e3
Faulting module name: combase.dll, version: 10.0.16299.15, time stamp: 0x3db461b4
Exception code: 0xc0000005
Fault offset: 0x00000000000b67f8
Faulting process id: 0x2284
Faulting application start time: 0xwuauclt.exe0
Faulting application path: wuauclt.exe1
Faulting module path: wuauclt.exe2
Report Id: wuauclt.exe3
Faulting package full name: wuauclt.exe4
Faulting package-relative application ID: wuauclt.exe5


System errors:
=============
Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2018 10:05:07 PM) (Source: sptd2) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/03/2018 10:04:46 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%109 = The pipe has been ended.


Error: (03/03/2018 10:03:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: 2018-02 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4074588).

Error: (03/03/2018 10:03:46 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Aiseesoft Screen Recorder 1.0.8 (HKLM-x32\...\{DD85E531-C84E-4247-B7A3-5F0C22D276DB}_is1) (Version: 1.0.8 - Aiseesoft Studio)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 3.21 - Vladonai Software)
Apowersoft Online Launcher version 1.4.4 (HKCU\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AquaSoft DiaShow 7 Premium (HKLM-x32\...\{9FFC4C2D-374D-482B-AA58-67282CE23695}) (Version: 7.8.01 - AquaSoft) Hidden
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 9 (HKLM-x32\...\{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.40 - Ashampoo GmbH & Co. KG)
Asoftech Photo Recovery (HKLM-x32\...\{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}) (Version: 3.16 - )
Atrex (HKLM-x32\...\Atrex) (Version: 10.02 - Millennium Software, LLC)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.1.0 - Auslogics Labs Pty Ltd)
AVG (HKLM\...\{4A4C705B-6D2D-4868-9C1C-02C7AAC7F32F}) (Version: 16.91.7690 - AVG Technologies)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CintaNotes 3.11 (HKLM-x32\...\CintaNotes_is1) (Version:  - Cinta Software)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
C-Organizer Pro v 5.1.1 (HKLM-x32\...\C-Organizer Professional_is1) (Version:  - CSoftLab)
CrazyTalk Animator Standard (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2010.1 - Reallusion Inc.)
CSE HTML Validator Professional v16.05 (HKLM-x32\...\CSEHTMLVALIDATOR160_is1) (Version: 16.5.0.0 - AI Internet Solutions LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.6727.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Disk Master Professional version 4.3.7 (HKLM\...\{8213CE5C-49D8-45CC-98C1-7355D18995C5}_is1) (Version: 4.3.7 - QILING Tech Co., Ltd.)
DVDFab 8.2.3.0 (21/12/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.3.1.6 (19/09/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.4.3.8 - Fengtao Software Inc.)
DVDFab Passkey 8.2.5.5 (09/12/2015) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
Easy audio mixer 2.1.3 (HKLM-x32\...\EasyAudioMixer2_is1) (Version: 2.1.3 - G.F. Software)
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
Express Accounts Accounting Software (HKLM-x32\...\ExpressAccounts) (Version: 5.07 - NCH Software)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.04 - NCH Software)
Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.32 - NCH Software)
Fast VD 3.1.0.0 (HKLM-x32\...\9ED08AFF-E977-47db-8923-2499D74C97C5_Fast VD_is1) (Version: 3.1.0.0 - FastPcTools)
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKCU\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Hardwipe 5.1.3 (HKLM\...\{AD3CFB60-96FC-4830-830B-7BC538132B04}) (Version: 5.1.3 - Big Angry Dog)
Helicon Filter 5.5.4 (HKLM-x32\...\Helicon Filter 5_is1) (Version:  - Helicon Soft Ltd.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HippoEDIT 1.60.44 (HKLM-x32\...\HippoEDIT) (Version: 1.60.44 - HippoEDIT.com)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Icecream Ebook Reader version 4.24 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 4.24 - Icecream Apps)
Icecream PDF Converter version 2.49 (HKLM-x32\...\{6811A286-E9F4-4035-9738-7721C087E500}_is1) (Version: 2.49 - Icecream Apps)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Inpaint 7.1 (HKLM\...\{5808866F-D115-46B2-8123-BB6801968101}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 3.58 - NCH Software)
iSyncr (HKLM-x32\...\{46ABA73A-9045-4BA4-9BAE-FA855F26EF47}) (Version: 5.1.6 - JRT Studio)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LeaderTask 11.1.1.2 (HKLM-x32\...\LeaderTask_is1) (Version:  - Organizer LeaderTask LLC)
LopeEdit (HKLM-x32\...\LopeEdit_is1) (Version: 5.6.3 - LopeSoft)
Manuals Finder (HKLM-x32\...\Manuals Finder) (Version: 1.0 - Manuals Finder)
Mediatek Bluetooth Stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.743.0 - Mediatek)
MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Opera Stable 50.0.2762.67 (HKLM-x32\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Peachtree Complete Accounting 2005 (HKLM-x32\...\InstallShield_{238E20DB-EF53-4388-9B97-2C9E45234D83}) (Version: 12.00.00 - Best Software SB, Inc)
PHOTO projects 3 (64-Bit) (HKLM\...\COLOR_PROJECTS_3_3_C935FDA1_is1) (Version: 3.34 - Franzis Verlag GmbH)
Photo Stamp Remover 9.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 9.0 - SoftOrbits)
PHOTOfunSTUDIO 5.0 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.320 - Panasonic Corporation)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.7 - NGWIN)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{8E5861CA-9B65-488B-972E-405AD03EBC7C}) (Version: 9.2.00 - Sony Corporation) Hidden
Privacy Protector for Windows 10 1.0 (HKLM-x32\...\Privacy Protector for Windows 10_is1) (Version: 1.0 - SoftOrbits)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanPapyrus (HKLM-x32\...\{D243A198-99BB-42A0-828E-98AE3F01D215}_is1) (Version: 16.11.2 - ScanPapyrus Team)
Simplenote 1.1.1 (HKLM-x32\...\e850fc3b-cc8a-5579-9299-32253cc2000f) (Version: 1.1.1 - Automattic, Inc.)
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Soft Organizer version 6.15 (HKLM-x32\...\Soft Organizer_is1) (Version: 6.15 - ChemTable Software)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3790 - SoftMaker Software GmbH)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - )
Steganos Safe 18 (HKLM-x32\...\{0A81476E-6553-443B-B34F-0BFE17ACAFFB}) (Version: 18.0.2 - Steganos Software GmbH)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task Manager 20-20 (HKLM-x32\...\Task Manager 20-20) (Version:  - )
TC Web Conferencing (HKLM-x32\...\{8EB39AA7-4019-4550-AF6C-BE51BB27B446}) (Version: 8.421 - Digitalweb)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.93332 - TeamViewer)
Total Network Monitor 2.1.0 build 4040 (HKLM-x32\...\Total Network Monitor 2_is1) (Version: 2.1.0.4040 - Softinventive Lab Inc.)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2016 (HKLM-x32\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Video Download Capture V6.0.4 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.0.4 - APOWERSOFT LIMITED)
Video Watermark Pro (HKCU\...\VideoWatermarkPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.14 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.72 (HKCU\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Watermark Software 8.2 (HKLM-x32\...\Watermark Software) (Version: 8.2 - watermark-software.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.12 - NCH Software)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinSplit Revolution (v11.04) (HKLM-x32\...\WinSplit Revolution) (Version: 11.04 - Raphael Lencrerot)
WinZip Self-Extractor (HKLM-x32\...\{98E8F5CD-4D07-4C66-992B-4BD3547C86AF}) (Version: 4.0.8672.0 - WinZip Computing, S.L.)
Wondershare Dr.Fone for Android(Build 6.5.0.12) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.5.0.12 - Wondershare Software Co.,Ltd.)
World of Warships (HKCU\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WowTron PDF Page Organizer 1.1.1 (HKLM-x32\...\WowTron PDF Page Organizer 1.1.1) (Version: 1.1.1 - WowTron Software Co. Ltd.)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_EN_is1) (Version:  - ZONER software)
Zoom (HKCU\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\SCANNER\0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8147.35 MB
Available physical RAM: 5030.43 MB
Total Virtual: 13011.35 MB
Available Virtual: 9683 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:910.64 GB) (Free:129.96 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:18.61 GB) (Free:2.25 GB) NTFS
4 Drive f: (SimpleDrive) (Fixed) (Total:298.09 GB) (Free:26.11 GB) NTFS
5 Drive g: (Cavalry) (Fixed) (Total:931.51 GB) (Free:60.96 GB) NTFS

========================= Users: ========================================

User accounts for \\DOWNSTAIR-PC

Administrator            DefaultAccount           Greg                     
Guest                    WDAGUtilityAccount       

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP