Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think I have a virus.

Slow system Virus Stressed Help me please

  • Please log in to reply

#1
Supermatt01

Supermatt01

    Member

  • Member
  • PipPip
  • 45 posts

I think I have a virus. For two weeks My computer has been acting strangely. It has been slow to boot and to shut down. It has failed to load programs and crashes hard. I was able to make a full backup, but I am worried that backup may be contaminated. I have tried lots of antivirus programs, even MB. Nothing was found. I did a scan with FRST. 

Something is wrong. Please, Geekstogo; you're my only hope. 

As always, if you can help me I will Tweet it and Post it to my Facebook.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by Supermatt (administrator) on SUPERMATT-PC (07-05-2018 14:03:30)
Running from C:\Users\Supermatt\Desktop
Loaded Profiles: Supermatt (Available Profiles: Supermatt & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2015-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-14] (COMODO)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-04-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [353104 2017-09-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
IFEO\adappmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe audition cs6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe extension manager cs6.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe prelude.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\avidapplicationmanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chromodo.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cnmnsst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dreamweaver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\e_gupa30.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\e_iinsggi.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fireworks.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\flash.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\flashbuilder.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\flashplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hitmanpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\illustrator.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\indesign.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mbam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\puran utilities.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vmnetcfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vmplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\vmware.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-08-25]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-06-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-16]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{4D667F57-0C7B-4433-8185-D6FCF6C28DC4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{91B9594E-1066-4CA0-B867-D2996DA72B2B}: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{E7FEDADC-9F33-43B5-A033-D31CF0FC7FBB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F0A0A4C6-46AF-48B0-962C-F8E4B085E072}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-29] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-29] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-29] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF DefaultProfile: 9yuxk64l.default
FF ProfilePath: C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default [2018-05-07]
FF user.js: detected! => C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\user.js [2018-01-30]
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (AdBlock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-01] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-02-02] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=cr&dcr=0&ei=2sKOWvWJNomi0QT0yb_oDw&fg=1","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default [2018-05-07]
CHR Extension: (Beatlab) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2018-01-13]
CHR Extension: (Docs) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-13]
CHR Extension: (Google Drive) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-13]
CHR Extension: (MEGA) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-05-05]
CHR Extension: (DuckDuckGo) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-05-05]
CHR Extension: (Audiotool) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2018-01-13]
CHR Extension: (YouTube) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-13]
CHR Extension: (Dragon Web Extension) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2018-02-03]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-13]
CHR Extension: (AdBlock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-04]
CHR Extension: (Tab Cookies) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2018-01-13]
CHR Extension: (Omnibox NCR) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohddgnpofoogkkjejnmcgleamcfbhhc [2018-02-22]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2018-01-13]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-10-15] (SUPERAntiSpyware.com)
S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-04-17] (AVG Technologies CZ, s.r.o.)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-07] (Comodo)
S4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-14] (COMODO)
S3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-04] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-04] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-04] (Foolish IT LLC)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2015-01-25] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2015-01-25] (MAGIX®) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-27] (SurfRight B.V.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-04-16] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-04-16] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
S3 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-16] (RealNetworks, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5614592 2018-01-22] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48640 2018-01-22] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [41472 2018-01-22] (AVG Technologies CZ, s.r.o.)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-08-14] ()
S3 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2017-04-04] (Google Inc)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-10-16] (The OpenVPN Project)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-07-05] (CrystalIdea Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-02-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-02-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-02-01] (COMODO)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2016-03-29] (Wireless Data Device)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-05-05] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-12-25] (Windows ® Win 7 DDK provider)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2017-04-04] (Google Inc)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2015-01-10] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-02-01] (COMODO)
S3 leusbser; C:\Windows\System32\DRIVERS\leusbser.sys [238080 2015-07-01] (QUALCOMM Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-04-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-05-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-04-16] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [49208 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2015-01-10] (Synaptics Incorporated)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-14] (The OpenVPN Project) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2015-05-17] (TOSHIBA Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-11-15] (AVG Netherlands B.V.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2015-01-29] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-12-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-12-17] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-12-17] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2015-04-04] (Windows ® Win 7 DDK provider)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S2 memudrv; \??\C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Windows\System32\Tasks\RealPlayer (32-bit) "
2018-05-07 14:03 - 2018-05-07 14:05 - 000333943 _____ C:\Users\Supermatt\Desktop\FRST.txt
2018-05-07 13:59 - 2018-05-07 13:59 - 000000000 ____D C:\Users\Supermatt\Desktop\FRST-OlderVersion
2018-05-06 17:41 - 2018-05-06 17:41 - 000003544 ____N C:\bootsqm.dat
2018-05-06 10:26 - 2018-05-06 10:26 - 000000199 _____ C:\Users\Supermatt\Desktop\Windows P keys.txt
2018-05-05 16:42 - 2018-05-05 16:42 - 002125128 _____ C:\Users\Supermatt\Downloads\pxengine4_10_28a.zip
2018-05-05 16:38 - 2018-05-05 16:38 - 001593914 _____ C:\Users\Supermatt\Downloads\pxengine3_00_58a.zip
2018-05-05 16:02 - 2018-05-05 16:04 - 000079200 _____ C:\Users\Supermatt\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2018-05-05 13:22 - 2018-05-05 13:22 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-05-05 12:43 - 2018-05-05 17:40 - 000313962 _____ C:\Windows\ntbtlog.txt
2018-05-03 19:53 - 2018-05-03 19:53 - 000003136 _____ C:\Windows\System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88}
2018-05-03 15:26 - 2018-01-22 14:45 - 000036864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2018-05-03 15:26 - 2018-01-22 14:45 - 000034816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2018-05-03 15:25 - 2018-01-22 14:45 - 000048640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2018-05-03 15:25 - 2018-01-22 14:45 - 000041472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2018-05-01 09:26 - 2018-05-01 09:26 - 000000000 ____D C:\RegBackup
2018-04-30 17:42 - 2018-04-30 17:42 - 000000000 ____D C:\Users\Supermatt\Desktop\revisi k 13 th 2016 dan 2017
2018-04-30 16:52 - 2018-05-03 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-04-30 16:50 - 2018-05-03 13:28 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-04-29 17:46 - 2018-04-29 17:46 - 000006460 _____ C:\Users\Supermatt\Documents\Going to the animal park.vpj
2018-04-29 17:46 - 2018-04-29 17:46 - 000000000 ____D C:\Users\Supermatt\Documents\VideoPad Projects
2018-04-29 07:25 - 2018-04-29 07:19 - 000111048 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-04-28 14:49 - 2018-04-28 14:50 - 108967184 _____ (Microsoft Corporation) C:\Users\Supermatt\Downloads\OfficeLangPack2013_Indonesian_x86.exe
2018-04-23 13:36 - 2018-04-23 13:36 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000001139 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-04-22 13:22 - 2018-04-23 16:56 - 000000000 ____D C:\Users\Supermatt\Downloads\MEmu Download
2018-04-22 13:20 - 2018-04-23 19:36 - 000000000 ____D C:\Users\Supermatt\.MemuHyperv
2018-04-20 09:33 - 2018-04-21 11:35 - 000009872 _____ C:\Users\Supermatt\Documents\Elsha's Kitchen.xlsx
2018-04-19 11:04 - 2018-04-19 11:04 - 000002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2018-04-19 11:04 - 2018-04-19 11:04 - 000002585 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2018-04-19 11:04 - 2018-04-19 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2018-04-19 11:00 - 2018-05-06 17:57 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-04-19 10:59 - 2018-04-19 11:01 - 000000000 ____D C:\Users\Supermatt\AppData\Local\AvgSetupLog
2018-04-19 08:13 - 2018-01-22 14:52 - 000045568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2018-04-17 21:34 - 2018-04-19 10:44 - 000000000 ____D C:\AVG_Remover
2018-04-17 17:15 - 2018-01-06 01:50 - 000749664 _____ (Nitro Software, Inc.) C:\Windows\system32\NxPrinterMonitor11.dll
2018-04-16 18:24 - 2018-05-05 13:42 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-15 16:53 - 2018-04-15 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-15 16:43 - 2018-04-15 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-15 15:12 - 2018-04-15 15:12 - 000000000 ____D C:\Users\Supermatt\AppData\Local\ElevatedDiagnostics
2018-04-15 15:01 - 2018-04-15 15:01 - 000092993 _____ C:\Users\Supermatt\Downloads\o15-ctrremove.diagcab
2018-04-15 14:45 - 2018-04-15 17:51 - 000000000 ____D C:\Users\Supermatt\Desktop\temp ms office
2018-04-14 21:35 - 2018-04-15 04:44 - 524288000 _____ C:\Users\Supermatt\Downloads\sanet.cd_MS_Office_2016_Pro_Plus_VL_X64_MULTi-17_APRIL_2018_Gen2.zip.002
2018-04-13 16:35 - 2018-04-13 16:55 - 000000000 ____D C:\Games
2018-04-13 16:34 - 2018-04-15 13:36 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.tlauncher
2018-04-11 18:51 - 2018-04-12 10:33 - 000000000 ____D C:\Program Files\Nitro
2018-04-11 18:00 - 2018-04-11 18:19 - 119860441 _____ C:\Users\Supermatt\Downloads\Nitro.Pro.Enterprise.10.5.9.9_x64.softarchive.la.rar
2018-04-08 17:26 - 2018-04-08 17:31 - 012742614 _____ C:\Users\Supermatt\Downloads\[Sinan_Ozdemir]_Principles_of_Data_Science(b-ok.xyz).epub
2018-04-08 08:35 - 2018-04-08 08:35 - 000000000 ____D C:\Users\Supermatt\AppData\Local\mpress
2018-04-07 16:04 - 2018-04-07 16:04 - 018254536 _____ C:\Users\Supermatt\Downloads\[Ip_Chun,_Tse_Michael.]_Wing_Chun_Kung_Fu_Traditi(b-ok.xyz).pdf
2018-04-07 09:13 - 2018-04-07 09:13 - 002595246 _____ C:\Users\Supermatt\Downloads\[Francis_A._Schaeffer]_The_Complete_Works_of_Franc(b-ok.xyz).zip
2018-04-07 07:37 - 2018-04-23 19:38 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-04-07 07:37 - 2018-04-14 07:48 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\NCH Software
2018-04-07 07:36 - 2018-04-23 13:36 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-04-07 07:36 - 2018-04-15 13:36 - 000000000 ____D C:\ProgramData\NCH Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 14:03 - 2017-10-06 13:08 - 000000000 ____D C:\FRST
2018-05-07 14:00 - 2015-04-16 00:59 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat
2018-05-07 13:59 - 2017-10-06 12:57 - 002406912 _____ (Farbar) C:\Users\Supermatt\Desktop\FRST64.exe
2018-05-07 13:59 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-07 13:59 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-07 13:53 - 2014-01-08 23:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-07 13:51 - 2015-01-24 07:08 - 000000091 _____ C:\HaxLogs.txt
2018-05-07 13:51 - 2014-01-12 19:27 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-05-07 13:51 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-07 13:27 - 2014-01-10 22:23 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\tixati
2018-05-07 13:24 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\vlc
2018-05-07 07:34 - 2016-05-08 23:34 - 000000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 21c10e27-ccfc-4374-ba01-ca0342dad29e.job
2018-05-07 02:00 - 2016-05-08 23:34 - 000000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8d4cec7-3213-4dad-986f-f07cc5b45c2b.job
2018-05-06 18:40 - 2009-07-14 12:13 - 000901690 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 18:40 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-05-06 18:29 - 2015-01-29 16:07 - 000003978 _____ C:\Windows\System32\Tasks\UALU notificatin
2018-05-06 18:01 - 2014-01-08 23:26 - 000000000 ____D C:\Users\Supermatt\AppData\Local\Apps\2.0
2018-05-06 13:23 - 2016-01-29 12:01 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-05-06 11:56 - 2015-05-17 02:48 - 000000000 ____D C:\Users\Supermatt\Documents\Bluetooth Exchange Folder
2018-05-06 09:10 - 2017-10-25 21:45 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-05 13:54 - 2014-01-08 23:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-05 13:54 - 2014-01-08 23:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-05 13:44 - 2018-02-23 18:38 - 000004492 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-05 13:44 - 2015-07-02 08:29 - 000003442 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2018-05-05 13:44 - 2014-06-23 22:59 - 000003016 _____ C:\Windows\System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73}
2018-05-05 13:44 - 2014-06-23 22:58 - 000003016 _____ C:\Windows\System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69}
2018-05-05 13:42 - 2017-12-19 21:07 - 000003238 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-05 13:42 - 2017-12-19 21:06 - 000003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-05 13:42 - 2014-12-06 13:06 - 000003696 _____ C:\Windows\System32\Tasks\Adobe online update program
2018-05-05 13:41 - 2014-02-18 00:37 - 000003758 _____ C:\Windows\System32\Tasks\Real Player online update program
2018-05-05 13:12 - 2016-08-14 14:36 - 000000000 ____D C:\ProgramData\VMware
2018-05-03 17:23 - 2018-01-01 11:47 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 17:23 - 2018-01-01 11:47 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 17:02 - 2015-09-14 17:03 - 000002976 _____ C:\Windows\System32\Tasks\Intel® GPA Monitor 13.3
2018-05-03 15:01 - 2014-01-08 20:52 - 000000000 ____D C:\Users\Supermatt
2018-05-03 15:00 - 2017-10-04 23:10 - 005300384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-03 14:57 - 2017-11-12 19:08 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-05-03 14:57 - 2016-02-08 14:12 - 000000000 ____D C:\Users\Administrator.Supermatt-PC
2018-05-03 14:57 - 2016-01-31 03:35 - 000000000 ____D C:\Program Files\HitmanPro
2018-05-03 14:57 - 2015-12-14 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-03 14:57 - 2015-12-14 00:01 - 000000000 ____D C:\Program Files\7-Zip
2018-05-03 14:57 - 2015-06-26 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-03 14:57 - 2015-01-24 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-05-03 14:57 - 2015-01-13 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files\Common Files\Nitro
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files (x86)\Nitro
2018-05-03 14:57 - 2014-01-09 18:42 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-05-03 14:53 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2018-05-03 14:46 - 2014-02-17 10:33 - 000000000 ____D C:\ProgramData\Real
2018-05-03 14:45 - 2018-01-29 22:11 - 000000000 ____D C:\ProgramData\Avg
2018-05-01 08:17 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Compressed
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\HomeGroupUser$
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Guest
2018-04-30 17:55 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Administrator
2018-04-30 06:16 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Video
2018-04-29 17:33 - 2014-02-21 18:50 - 000000000 ____D C:\ProgramData\Temp
2018-04-29 13:37 - 2014-01-12 14:54 - 000001915 _____ C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2018-04-29 07:42 - 2015-04-27 20:51 - 000085032 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-04-29 07:26 - 2014-01-09 00:42 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-29 07:24 - 2015-01-24 00:59 - 000000000 ____D C:\Program Files\Java
2018-04-29 07:19 - 2015-01-24 01:01 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-04-29 07:14 - 2016-04-01 23:52 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-04-28 22:21 - 2014-01-08 20:58 - 000180176 _____ C:\Users\Supermatt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 15:33 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-28 15:33 - 2009-07-14 09:34 - 000000478 _____ C:\Windows\win.ini
2018-04-28 15:30 - 2011-04-12 15:28 - 000000000 ____D C:\Windows\ShellNew
2018-04-28 03:46 - 2016-03-10 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-04-22 13:19 - 2014-01-14 12:59 - 000000000 ____D C:\Users\Supermatt\.android
2018-04-22 00:20 - 2016-04-23 02:46 - 000002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2018-04-19 17:47 - 2014-05-31 11:33 - 000000000 ____D C:\Users\Supermatt\Documents\Calibre Library
2018-04-19 11:00 - 2015-03-01 14:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-04-17 16:55 - 2018-03-25 13:37 - 000001054 _____ C:\Users\Supermatt\Desktop\Puran Utilities.lnk
2018-04-17 16:46 - 2017-10-04 19:15 - 000000000 ____D C:\Users\Supermatt\AppData\Local\CrashDumps
2018-04-17 15:48 - 2017-11-09 17:50 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-04-15 16:35 - 2014-01-09 18:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-15 16:25 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-15 15:11 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-15 13:37 - 2018-03-25 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Utilities
2018-04-15 13:37 - 2014-05-31 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2018-04-15 13:37 - 2014-01-09 18:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-04-15 13:24 - 2017-03-09 06:27 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.minecraft
2018-04-15 13:12 - 2014-01-09 18:39 - 000000000 __RHD C:\MSOCache
2018-04-07 15:33 - 2014-05-31 11:37 - 000000000 ____D C:\Users\Supermatt\AppData\Local\calibre-cache

==================== Files in the root of some directories =======

2015-01-03 00:20 - 2015-01-03 00:20 - 005404888 _____ (COMODO) C:\ProgramData\cis28B.exe
2016-02-27 11:20 - 2016-02-27 11:20 - 003429056 _____ (COMODO) C:\ProgramData\cis6DFC.exe
2017-11-12 09:05 - 2017-08-29 11:52 - 004784832 _____ (COMODO) C:\ProgramData\cisCB19.exe
2017-11-12 09:05 - 2017-08-29 11:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-08-17 14:59 - 2017-08-17 14:59 - 000000604 ____H () C:\Program Files (x86)\Br1S
2014-04-30 09:03 - 2014-04-30 09:03 - 002174976 ____N (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-08-21 23:48 - 2017-08-21 23:48 - 000000605 ____H () C:\Program Files (x86)\Common Files\Br4S
2016-08-02 21:33 - 2016-08-02 21:33 - 000000330 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
2017-08-17 23:20 - 2010-01-15 10:36 - 000075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2014-01-19 01:20 - 2014-06-18 00:57 - 004216840 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2017-08-16 18:01 - 2017-08-25 15:07 - 001562498 _____ () C:\Users\Supermatt\AppData\Roaming\AvidApplicationManager_Install.log
2016-08-03 13:58 - 2016-11-27 23:12 - 000001505 _____ () C:\Users\Supermatt\AppData\Roaming\evmanage.prf
2016-08-03 13:54 - 2016-11-27 22:55 - 000000074 _____ () C:\Users\Supermatt\AppData\Roaming\evplay.prf
2016-08-12 13:10 - 2018-03-26 17:47 - 000004086 _____ () C:\Users\Supermatt\AppData\Roaming\evpro32.prf
2014-01-12 14:54 - 2018-04-29 13:37 - 000001915 _____ () C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2015-05-02 23:29 - 2015-05-02 23:31 - 000047104 ___SH () C:\Users\Supermatt\AppData\Roaming\Thumbs.db
2016-02-09 17:39 - 2016-05-10 20:28 - 000000504 _____ () C:\Users\Supermatt\AppData\Roaming\Weather Monitor_Settings.ini
2016-05-29 16:30 - 2016-10-24 19:03 - 000019456 _____ () C:\Users\Supermatt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-17 23:37 - 2015-08-17 23:37 - 000000036 _____ () C:\Users\Supermatt\AppData\Local\housecall.guid.cache
2015-02-18 16:01 - 2015-07-31 10:02 - 000007603 _____ () C:\Users\Supermatt\AppData\Local\Resmon.ResmonCfg
2015-08-18 01:08 - 2015-08-18 01:08 - 000000010 _____ () C:\Users\Supermatt\AppData\Local\sponge.last.runtime.cache
2015-05-11 21:44 - 2015-05-11 21:46 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\TaskMan.cmd.done
2014-07-16 20:27 - 2014-07-16 20:27 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\{B6A17797-1312-4D71-B698-87AF7CAD21F9}

Some files in TEMP:
====================
2018-05-03 16:07 - 2018-05-03 16:07 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext1261804521494961108.dll
2018-05-04 09:22 - 2018-05-04 09:22 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2199720197495350632.dll
2018-05-03 16:47 - 2018-05-03 16:47 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3019161824338952284.dll
2018-05-04 14:44 - 2018-05-04 14:44 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext4095260913454169706.dll
2018-05-03 15:12 - 2018-05-03 15:12 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5316181530305744407.dll
2018-04-20 08:14 - 2018-04-20 08:14 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5548591749658421109.dll
2018-05-03 20:29 - 2018-05-03 20:29 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5805253463151181967.dll
2018-05-04 16:15 - 2018-05-04 16:15 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext6533485191856689063.dll
2018-05-03 21:58 - 2018-05-03 21:58 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext7179398710160451432.dll
2018-05-05 13:17 - 2018-05-05 13:17 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext8778474399459458408.dll
2018-04-28 22:41 - 2018-04-28 22:41 - 001884616 _____ (Oracle Corporation) C:\Users\Supermatt\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-04-28 15:27 - 2013-02-21 06:17 - 000150600 _____ (Microsoft Corporation) C:\Users\Supermatt\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2018-04-28 00:07

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Supermatt (07-05-2018 14:12:41)
Running from C:\Users\Supermatt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled) => C:\Users\Administrator.Supermatt-PC
Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled)
Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version:  - AliveMedia, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.)
Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.)
AOMEI Partition Assistant Unlimited Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Maya LT 2015 (HKLM\...\{2FB97E5C-14A5-47C8-BD85-69CC70471291}) (Version: 15.10.373.0 - Autodesk) Hidden
Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7F1AA7AB-E4FB-46F7-AC2F-57D78D63A368}) (Version: 3.19.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo)
Classware (HKLM-x32\...\{5F945DFC-3BD1-74F7-5090-8885D0F4B1C5}) (Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden
Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{4F6FC44D-AE9F-472B-8F00-B8388BC9AA04}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.2 - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{4A0259D2-7278-4B23-B594-60B4124015A6}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers)
ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Beginner) (HKLM-x32\...\{eebe1d9a-486c-40e7-ae07-1892b3b2b7b4}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Elementary) (HKLM-x32\...\{ecb8a57a-21dc-4667-95f5-e2eff83733df}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Pre-intermediate) (HKLM-x32\...\{78d3c66f-5c7d-4da7-96eb-4e405a5406f2}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 1-3) (HKLM-x32\...\{8da61a8f-877e-443d-b448-3d1e60118184}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 4-6) (HKLM-x32\...\{4431b83a-1e23-458e-9f6c-a1d8270b6694}) (Version: 8.1.107.70421 - eInstruction)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden
GameMaker Studio 2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\GameMakerStudio2) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IL Autogun (HKLM-x32\...\IL Autogun) (Version:  - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Kernel for VHD ver 12.06.01 (HKLM-x32\...\Kernel for VHD_is1) (Version:  - Lepide Software Pvt.Ltd)
LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
LifeBeg (HKLM-x32\...\{BC41E108-ACA5-25E9-039A-09085C1A15F0}) (Version: 1.0 - UNKNOWN) Hidden
LifeBeg (HKLM-x32\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (HKLM-x32\...\{926447E2-8B00-F3D3-FA7A-73DE25CE5CF9}) (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM-x32\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (HKLM-x32\...\{76B7A5CD-3757-D3A7-7321-86677926B755}) (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM-x32\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (HKLM\...\{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro 3.1 VST-Plugins (HKLM\...\{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.1 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG)
MAGIX Music Maker 2014 Premium (HKLM\...\{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium Soundpools (HKLM\...\{095A41CD-2500-4783-AE28-87E05653CDE7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (HKLM\...\{6F1F7E62-A579-434C-9610-F6FE2930C02E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies)
MCreator 1.7.7 (HKLM-x32\...\MCreator 1.7.7 Installer) (Version:  - Pylo)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Our World 1 AE 2.0 (HKLM-x32\...\Our World 1 AE 2.0) (Version: 1.0.0.0 - )
Our World 2 AE 2.0 (HKLM-x32\...\Our World 2 AE 2.0) (Version: 1.0.0.0 - )
Our World 4 AE 2.0 (HKLM-x32\...\Our World 4 AE 2.0) (Version: 1.0.0.0 - )
Our World 6 AE 2.0 (HKLM-x32\...\Our World 6 AE 2.0) (Version: 1.0.0.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies)
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. )
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
SuperBeam (HKLM\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 7 - LiveQoS Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Turbo Studio 17 (HKLM-x32\...\{80bc26f1-601d-4766-b205-404db5168343}) (Version: 17.0.1.0 - Code Systems)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (HKLM\...\{84CB6E60-E7CB-429F-AF9A-44F035889123}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (HKLM\...\{77C4AF18-19ED-489E-84D3-203E3862F6BC}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (HKLM\...\{5D8D5B24-732C-4AA6-ABFE-9EAFF12064A4}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (HKLM\...\{C1109FC5-35DA-403C-AE1D-99295EDB6FA9}) (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (HKLM\...\{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (HKLM\...\{3CAD92B3-6BA0-44A4-A546-162520A80BB3}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (HKLM\...\{96826F72-1E29-4AB8-9312-84E664DCE474}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (HKLM\...\{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}) (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WhatsApp) (Version: 0.2.8000 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery(Build 5.0.3.13) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.3.13 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
XiaoMiTool version 0.4.1 (HKLM-x32\...\{1A2DAE03-6903-4871-A909-237AB764A4B6}_is1) (Version: 0.4.1 - Francesco Tescari)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-16] (RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-10] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {1A52B213-DA38-4CB7-BF83-8E1A4458448E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)
Task: {217CAB11-5A88-4B6B-8196-A4DB24ADE963} - System32\Tasks\{B81634CD-E33F-477E-BE2A-01BA37F57777} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {268EAEAA-A07B-4AA6-9162-C427C41DEB1D} - System32\Tasks\Update\ProxyUpdate => C:\Windows\Prefetch\AVG_PCTuneUp.exe <==== ATTENTION
Task: {2A4C739A-E4F7-4C74-AF24-3F7327C1C522} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2D159C88-B96E-48E4-87F6-84431EADC166} - System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel® GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation)
Task: {3704F14D-700A-4BAE-A91E-66B9EA645E52} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3B379C0B-3EAA-438B-BF2B-70A69A3F725C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {44256EF3-D3FB-4FAB-B907-6740E3065266} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {47B38BDB-0F7A-4FDB-9956-602A9CCBD69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4F68631E-92EC-4599-8299-E5B773FEE018} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {582212B9-A012-48FD-915E-975D0E0ED486} - System32\Tasks\{276A30E3-DC17-4817-B9CF-7C12127C6DE2} => C:\Windows\system32\pcalua.exe -a C:\Users\Supermatt\Desktop\MiFlashUnlock_1.1.0317.1_en\MiUsbDriver.exe
Task: {58526FD5-F666-4078-B306-47B0D26CB9AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {59BB5577-DD6F-4D2D-A725-2A3A440C2A0F} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {62D1B557-2D88-412B-A8EE-670747BB8D9C} - \RealPlayer (32-bit)  -> No File <==== ATTENTION
Task: {7D57EBF5-3183-4D3C-B0D2-EE0509E50F84} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-14] (COMODO)
Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited)
Task: {906A2DDB-F2B5-443F-A1FF-80906798196F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-14] (COMODO)
Task: {9318C4DF-FB4C-4824-9DC9-A68C7E1F1356} - System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe" -c -u
Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2017-09-16] (RealNetworks, Inc.)
Task: {A207CBFF-F373-4A2B-B8D7-218E07F1F27C} - System32\Tasks\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AC6746AC-3DDB-4151-A4FD-E07E2AE93159} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B0C50936-9A0B-408D-95D3-92E39A4583F2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {B24A5D00-4852-4973-BF13-57FE01076CA3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-23] (Adobe Systems Incorporated)
Task: {B9D978BB-B3D5-4B06-9602-D416B970ACE0} - System32\Tasks\SUPERAntiSpyware Scheduled Task c8d4cec7-3213-4dad-986f-f07cc5b45c2b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {C9C4CB60-7785-4BFB-8AB1-7CEE5D431073} - System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Security Task Manager\Setup.exe" -d "C:\Program Files (x86)\Security Task Manager"
Task: {D2E424D9-CBBF-40E0-94DB-B3DCE6506001} - System32\Tasks\SUPERAntiSpyware Scheduled Task 21c10e27-ccfc-4374-ba01-ca0342dad29e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1} - System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {E20FE766-DA34-4D12-92B8-EAA36B178DE7} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated)
Task: {F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 21c10e27-ccfc-4374-ba01-ca0342dad29e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8d4cec7-3213-4dad-986f-f07cc5b45c2b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Supermatt\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-08-29 05:56 - 2018-03-14 00:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-08-29 05:56 - 2018-03-14 00:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2009-09-21 15:04 - 2009-09-21 15:04 - 001501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-07-20 16:03 - 2017-09-07 15:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-18 05:42 - 2016-05-18 05:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-06-25 09:08 - 2010-06-25 09:08 - 000173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-28 09:21 - 2015-12-25 15:28 - 001328632 _____ () C:\Program Files (x86)\DFX\DFX.exe
2015-02-28 09:14 - 2015-12-25 15:28 - 000133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-02-28 09:18 - 2015-12-25 15:28 - 000134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-02-28 09:48 - 2015-12-25 15:28 - 000051192 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2015-02-28 09:43 - 2015-12-25 15:28 - 000052216 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2018-04-19 10:59 - 2016-06-24 02:07 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-12 23:18 - 2016-12-17 00:32 - 000000697 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 license.superantispyware.com
127.0.0.1 tonec.com
127.0.0.1 http://www.tonec.com
127.0.0.1 internetdownloadmanager.com
0.0.0.0 license.superantispyware.com
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart                                                                                                                                                                                                     
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe                                                                                                                                                                                                       
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot                                                                                                                                                                                                   
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine"
HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001
FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080
FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935
FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe
FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{D8368476-864A-4ECA-B099-C05D851CB68D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2621560F-4D18-498B-87A1-57AF8CE63EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8C91258-814D-4C2C-93F4-84E16EFC64ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4FFFDBAD-5CAD-4679-B3B0-E93DC90FC6AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234
FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{291BBA65-4AB4-458E-B33B-0C37F2CF719B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F791C0A0-D5CE-407D-BD89-D525C9CAEFA1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{90BA8D38-E7A8-4830-9CDB-DCF48A6894E3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{BCB8BD7E-2521-4551-96F6-3D99F8A624C5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{7D8BFB07-6AF2-4380-8E48-FD2B18D910F6}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{6418B01D-8DFA-4722-8942-AF673C661486}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{592A0725-5F25-40EF-9DB3-7C6E823657E0}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{7109E65B-E4A1-4B09-8A8C-C7A4D7C00EA1}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{02FE2634-D65F-4430-B855-A78C6BAE88FD}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{D8BE8888-629A-4AFA-B6E0-75E40B4E3F23}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{8AE424B6-BFB7-455B-AE17-5D821A455C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EC9EB48D-E841-4687-B421-45BCD07D0EC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3BF257-E86D-4A8D-945A-F475DAF09348}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{A519E786-F885-47A0-AC8C-2AA235288156}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{F6C97284-8D40-4FC7-BC40-75B818AA48DA}] => (Allow) LPort=8080
FirewallRules: [{D1D458A2-2D9D-4467-B5AD-6FBE36B636DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-05-2018 14:53:23 Buddy safe
04-05-2018 16:34:55 Windows Backup

==================== Faulty Device Manager Devices =============

Name: memudrv
Description: memudrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: memudrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2018 01:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/07/2018 01:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2018 05:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2018 11:51:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2018 05:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2018 05:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2018 04:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2018 03:12:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f58

Start Time: 01d3e4482c769914

Termination Time: 13

Application Path: C:\Windows\system32\mmc.exe

Report Id: 9322a4fc-503b-11e8-880e-f07bcbf0f62a


System errors:
=============
Error: (05/07/2018 02:02:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (05/07/2018 01:54:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/07/2018 01:53:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (05/07/2018 01:51:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/07/2018 01:51:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The memudrv service failed to start due to the following error:
The system cannot find the path specified.

Error: (05/07/2018 01:48:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
The authentication service is unknown.

Error: (05/07/2018 01:47:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/07/2018 01:47:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


CodeIntegrity:
===================================

Date: 2017-11-12 23:12:24.098
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-12 23:12:23.973
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-12 23:04:32.628
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-12 23:04:32.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-05 22:49:57.890
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-05 22:49:57.827
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-05 15:02:37.109
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-05 15:02:36.953
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 5812.5 MB
Available physical RAM: 3834.38 MB
Total Virtual: 11952.71 MB
Available Virtual: 9650.7 MB

==================== Drives ================================

Drive c: (Disk4) (Fixed) (Total:529.09 GB) (Free:234.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Disk2) (Fixed) (Total:402.32 GB) (Free:168.33 GB) NTFS
Drive m: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:357.14 GB) NTFS

\\?\Volume{05205e46-78e8-11e3-9a7e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01C54DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=402.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529.1 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C03BCFB4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Best to post each log as you get it so they don't get lost.

 

Uninstall:

AVG PC TuneUp (It seems to be doing some odd things)

Bing Bar (waste of browser space)

CCleaner (Use can cause problems as it has become a bit too agressive in removing stuff)

Chromodo (unsecure knockoff of Google Chrome)

CryptoPrevent (Makes it hard to make changes.  Have it remove its policies.  You can reinstall it when we are done)

HitmanPro 3.7 (Dangerous.  Sometimes it removes malware incorrectly and the PC will not boot)

Java 8 Update 171 (64-bit) (Java is no longer used by most websites because it is so vulnerable.  Do not reinstall unless you really need it for some website you frequent)
Java 8 Update 171
Java SE Development Kit 7 Update 75 (64-bit) (Obsolete version and thus dangerous)

Microsoft Silverlight (no longer supported)

SUPERAntiSpyware (makes it hard to make changes.  I wouldn't bother reinstalling after we are done)

WinPatrol (makes it hard to make changes)

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

 

Reboot

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

Run a FRST scan again with Addition.txt checked.  Try to copy and paste the logs rather than attaching them.  Use two posts if necessary.

 

These next can be another post if necessary:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#3
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
2018-05-08 06:49:03, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:03, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:05, Info                  CSI    0000000c [SR] Verify complete
2018-05-08 06:49:06, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:06, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:08, Info                  CSI    00000010 [SR] Verify complete
2018-05-08 06:49:09, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:09, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:12, Info                  CSI    00000014 [SR] Verify complete
2018-05-08 06:49:12, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:12, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:14, Info                  CSI    00000018 [SR] Verify complete
2018-05-08 06:49:15, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:15, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:17, Info                  CSI    0000001c [SR] Verify complete
2018-05-08 06:49:18, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:18, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:20, Info                  CSI    00000020 [SR] Verify complete
2018-05-08 06:49:21, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:21, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:23, Info                  CSI    00000024 [SR] Verify complete
2018-05-08 06:49:24, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:24, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:25, Info                  CSI    00000028 [SR] Verify complete
2018-05-08 06:49:26, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:26, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:29, Info                  CSI    0000002c [SR] Verify complete
2018-05-08 06:49:29, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:29, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:31, Info                  CSI    00000030 [SR] Verify complete
2018-05-08 06:49:32, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:32, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:40, Info                  CSI    00000034 [SR] Verify complete
2018-05-08 06:49:40, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:40, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:44, Info                  CSI    00000038 [SR] Verify complete
2018-05-08 06:49:44, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:44, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:47, Info                  CSI    0000003c [SR] Verify complete
2018-05-08 06:49:47, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:47, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:51, Info                  CSI    00000040 [SR] Verify complete
2018-05-08 06:49:52, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:52, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:54, Info                  CSI    00000044 [SR] Verify complete
2018-05-08 06:49:54, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:54, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2018-05-08 06:49:57, Info                  CSI    00000048 [SR] Verify complete
2018-05-08 06:49:58, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:49:58, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:02, Info                  CSI    0000004c [SR] Verify complete
2018-05-08 06:50:03, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:03, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:08, Info                  CSI    00000050 [SR] Verify complete
2018-05-08 06:50:08, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:08, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:11, Info                  CSI    00000054 [SR] Verify complete
2018-05-08 06:50:12, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:12, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:16, Info                  CSI    00000058 [SR] Verify complete
2018-05-08 06:50:16, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:16, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:25, Info                  CSI    0000005d [SR] Verify complete
2018-05-08 06:50:26, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:26, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:36, Info                  CSI    00000063 [SR] Verify complete
2018-05-08 06:50:36, Info                  CSI    00000064 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:36, Info                  CSI    00000065 [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:41, Info                  CSI    00000069 [SR] Verify complete
2018-05-08 06:50:42, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:42, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:46, Info                  CSI    0000006d [SR] Verify complete
2018-05-08 06:50:47, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:47, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2018-05-08 06:50:53, Info                  CSI    00000075 [SR] Verify complete
2018-05-08 06:50:54, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:50:54, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:03, Info                  CSI    00000098 [SR] Verify complete
2018-05-08 06:51:04, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:04, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:12, Info                  CSI    0000009c [SR] Verify complete
2018-05-08 06:51:12, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:12, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:21, Info                  CSI    000000a0 [SR] Verify complete
2018-05-08 06:51:22, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:22, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:28, Info                  CSI    000000a4 [SR] Verify complete
2018-05-08 06:51:28, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:28, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:36, Info                  CSI    000000a8 [SR] Verify complete
2018-05-08 06:51:36, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:36, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:42, Info                  CSI    000000ac [SR] Verify complete
2018-05-08 06:51:42, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:42, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2018-05-08 06:51:49, Info                  CSI    000000b0 [SR] Verify complete
2018-05-08 06:51:50, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:51:50, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:03, Info                  CSI    000000d5 [SR] Verify complete
2018-05-08 06:52:04, Info                  CSI    000000d6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:04, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:13, Info                  CSI    000000d9 [SR] Verify complete
2018-05-08 06:52:13, Info                  CSI    000000da [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:13, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:29, Info                  CSI    000000dd [SR] Verify complete
2018-05-08 06:52:31, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:31, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:45, Info                  CSI    000000e3 [SR] Verify complete
2018-05-08 06:52:46, Info                  CSI    000000e4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:46, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:52, Info                  CSI    000000e7 [SR] Verify complete
2018-05-08 06:52:52, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:52, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2018-05-08 06:52:58, Info                  CSI    000000eb [SR] Verify complete
2018-05-08 06:52:58, Info                  CSI    000000ec [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:52:58, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:05, Info                  CSI    000000ef [SR] Verify complete
2018-05-08 06:53:05, Info                  CSI    000000f0 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:05, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:17, Info                  CSI    00000104 [SR] Verify complete
2018-05-08 06:53:18, Info                  CSI    00000105 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:18, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:22, Info                  CSI    00000108 [SR] Verify complete
2018-05-08 06:53:23, Info                  CSI    00000109 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:23, Info                  CSI    0000010a [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:28, Info                  CSI    0000010c [SR] Verify complete
2018-05-08 06:53:28, Info                  CSI    0000010d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:28, Info                  CSI    0000010e [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:33, Info                  CSI    00000110 [SR] Verify complete
2018-05-08 06:53:34, Info                  CSI    00000111 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:34, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:42, Info                  CSI    00000115 [SR] Verify complete
2018-05-08 06:53:43, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:43, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2018-05-08 06:53:57, Info                  CSI    0000011a [SR] Verify complete
2018-05-08 06:53:58, Info                  CSI    0000011b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:53:58, Info                  CSI    0000011c [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:03, Info                  CSI    0000011e [SR] Verify complete
2018-05-08 06:54:04, Info                  CSI    0000011f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:04, Info                  CSI    00000120 [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:07, Info                  CSI    00000122 [SR] Verify complete
2018-05-08 06:54:08, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:08, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:18, Info                  CSI    00000126 [SR] Verify complete
2018-05-08 06:54:19, Info                  CSI    00000127 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:19, Info                  CSI    00000128 [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:25, Info                  CSI    0000012a [SR] Verify complete
2018-05-08 06:54:26, Info                  CSI    0000012b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:26, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:35, Info                  CSI    0000012e [SR] Verify complete
2018-05-08 06:54:36, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:36, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2018-05-08 06:54:51, Info                  CSI    0000013c [SR] Verify complete
2018-05-08 06:54:53, Info                  CSI    0000013d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:54:53, Info                  CSI    0000013e [SR] Beginning Verify and Repair transaction
2018-05-08 06:55:04, Info                  CSI    0000014c [SR] Verify complete
2018-05-08 06:55:04, Info                  CSI    0000014d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:55:04, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
2018-05-08 06:55:15, Info                  CSI    00000150 [SR] Verify complete
2018-05-08 06:55:16, Info                  CSI    00000151 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:55:16, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2018-05-08 06:55:39, Info                  CSI    00000154 [SR] Verify complete
2018-05-08 06:55:40, Info                  CSI    00000155 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:55:40, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2018-05-08 06:55:54, Info                  CSI    00000159 [SR] Verify complete
2018-05-08 06:55:54, Info                  CSI    0000015a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:55:54, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2018-05-08 06:56:07, Info                  CSI    0000015d [SR] Verify complete
2018-05-08 06:56:07, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:56:07, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2018-05-08 06:56:17, Info                  CSI    00000161 [SR] Verify complete
2018-05-08 06:56:18, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:56:18, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2018-05-08 06:56:35, Info                  CSI    00000165 [SR] Verify complete
2018-05-08 06:56:35, Info                  CSI    00000166 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:56:35, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2018-05-08 06:56:44, Info                  CSI    00000169 [SR] Verify complete
2018-05-08 06:56:44, Info                  CSI    0000016a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:56:44, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2018-05-08 06:56:58, Info                  CSI    0000016f [SR] Verify complete
2018-05-08 06:56:59, Info                  CSI    00000170 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:56:59, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2018-05-08 06:57:21, Info                  CSI    00000173 [SR] Verify complete
2018-05-08 06:57:22, Info                  CSI    00000174 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:57:22, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
2018-05-08 06:57:37, Info                  CSI    00000178 [SR] Verify complete
2018-05-08 06:57:37, Info                  CSI    00000179 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:57:37, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2018-05-08 06:58:09, Info                  CSI    0000017c [SR] Verify complete
2018-05-08 06:58:10, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:58:10, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2018-05-08 06:58:31, Info                  CSI    00000181 [SR] Verify complete
2018-05-08 06:58:32, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:58:32, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2018-05-08 06:58:49, Info                  CSI    00000185 [SR] Verify complete
2018-05-08 06:58:50, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:58:50, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:03, Info                  CSI    0000018a [SR] Verify complete
2018-05-08 06:59:03, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:03, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:12, Info                  CSI    0000018e [SR] Verify complete
2018-05-08 06:59:13, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:13, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:20, Info                  CSI    00000192 [SR] Verify complete
2018-05-08 06:59:20, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:20, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:30, Info                  CSI    00000196 [SR] Verify complete
2018-05-08 06:59:30, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:30, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:41, Info                  CSI    0000019b [SR] Verify complete
2018-05-08 06:59:41, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:41, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:48, Info                  CSI    000001a0 [SR] Verify complete
2018-05-08 06:59:49, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:49, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2018-05-08 06:59:54, Info                  CSI    000001a4 [SR] Verify complete
2018-05-08 06:59:54, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 06:59:54, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:02, Info                  CSI    000001a9 [SR] Verify complete
2018-05-08 07:00:02, Info                  CSI    000001aa [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:02, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:11, Info                  CSI    000001ae [SR] Verify complete
2018-05-08 07:00:12, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:12, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:19, Info                  CSI    000001b3 [SR] Verify complete
2018-05-08 07:00:20, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:20, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:28, Info                  CSI    000001b7 [SR] Verify complete
2018-05-08 07:00:29, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:29, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:39, Info                  CSI    000001bc [SR] Verify complete
2018-05-08 07:00:39, Info                  CSI    000001bd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:39, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:47, Info                  CSI    000001c0 [SR] Verify complete
2018-05-08 07:00:48, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:48, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:51, Info                  CSI    000001c4 [SR] Verify complete
2018-05-08 07:00:51, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:51, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:00:58, Info                  CSI    000001c8 [SR] Verify complete
2018-05-08 07:00:58, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:00:58, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2018-05-08 07:01:07, Info                  CSI    000001cc [SR] Verify complete
2018-05-08 07:01:08, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:01:08, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2018-05-08 07:01:20, Info                  CSI    000001d0 [SR] Verify complete
2018-05-08 07:01:20, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:01:20, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2018-05-08 07:01:33, Info                  CSI    000001d4 [SR] Verify complete
2018-05-08 07:01:34, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:01:34, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:01:44, Info                  CSI    000001d8 [SR] Verify complete
2018-05-08 07:01:44, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:01:44, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2018-05-08 07:02:05, Info                  CSI    000001dc [SR] Verify complete
2018-05-08 07:02:05, Info                  CSI    000001dd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:02:05, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2018-05-08 07:02:32, Info                  CSI    000001e0 [SR] Verify complete
2018-05-08 07:02:32, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:02:32, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2018-05-08 07:02:41, Info                  CSI    000001e4 [SR] Verify complete
2018-05-08 07:02:42, Info                  CSI    000001e5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:02:42, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:02:50, Info                  CSI    000001e8 [SR] Verify complete
2018-05-08 07:02:51, Info                  CSI    000001e9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:02:51, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2018-05-08 07:02:53, Info                  CSI    000001ec [SR] Verify complete
2018-05-08 07:02:54, Info                  CSI    000001ed [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:02:54, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:00, Info                  CSI    000001f0 [SR] Verify complete
2018-05-08 07:03:01, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:01, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:11, Info                  CSI    000001f4 [SR] Verify complete
2018-05-08 07:03:12, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:12, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:17, Info                  CSI    000001f8 [SR] Verify complete
2018-05-08 07:03:17, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:17, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:18, Info                  CSI    000001fc [SR] Verify complete
2018-05-08 07:03:18, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:18, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:22, Info                  CSI    00000206 [SR] Verify complete
2018-05-08 07:03:23, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:23, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:31, Info                  CSI    0000020a [SR] Verify complete
2018-05-08 07:03:31, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:31, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:42, Info                  CSI    0000020e [SR] Verify complete
2018-05-08 07:03:43, Info                  CSI    0000020f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:43, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2018-05-08 07:03:51, Info                  CSI    00000212 [SR] Verify complete
2018-05-08 07:03:52, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:03:52, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2018-05-08 07:04:04, Info                  CSI    00000216 [SR] Verify complete
2018-05-08 07:04:04, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:04:04, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2018-05-08 07:04:17, Info                  CSI    0000021a [SR] Verify complete
2018-05-08 07:04:18, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:04:18, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2018-05-08 07:04:29, Info                  CSI    0000021f [SR] Verify complete
2018-05-08 07:04:30, Info                  CSI    00000220 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:04:30, Info                  CSI    00000221 [SR] Beginning Verify and Repair transaction
2018-05-08 07:04:37, Info                  CSI    00000223 [SR] Verify complete
2018-05-08 07:04:37, Info                  CSI    00000224 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:04:37, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2018-05-08 07:04:46, Info                  CSI    00000227 [SR] Verify complete
2018-05-08 07:04:47, Info                  CSI    00000228 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:04:47, Info                  CSI    00000229 [SR] Beginning Verify and Repair transaction
2018-05-08 07:05:15, Info                  CSI    0000022e [SR] Verify complete
2018-05-08 07:05:15, Info                  CSI    0000022f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:05:15, Info                  CSI    00000230 [SR] Beginning Verify and Repair transaction
2018-05-08 07:05:30, Info                  CSI    00000235 [SR] Verify complete
2018-05-08 07:05:31, Info                  CSI    00000236 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:05:31, Info                  CSI    00000237 [SR] Beginning Verify and Repair transaction
2018-05-08 07:05:45, Info                  CSI    00000239 [SR] Verify complete
2018-05-08 07:05:46, Info                  CSI    0000023a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:05:46, Info                  CSI    0000023b [SR] Beginning Verify and Repair transaction
2018-05-08 07:06:00, Info                  CSI    00000247 [SR] Verify complete
2018-05-08 07:06:01, Info                  CSI    00000248 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:06:01, Info                  CSI    00000249 [SR] Beginning Verify and Repair transaction
2018-05-08 07:06:16, Info                  CSI    0000024f [SR] Verify complete
2018-05-08 07:06:16, Info                  CSI    00000250 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:06:16, Info                  CSI    00000251 [SR] Beginning Verify and Repair transaction
2018-05-08 07:06:35, Info                  CSI    00000253 [SR] Verify complete
2018-05-08 07:06:35, Info                  CSI    00000254 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:06:35, Info                  CSI    00000255 [SR] Beginning Verify and Repair transaction
2018-05-08 07:06:45, Info                  CSI    00000259 [SR] Verify complete
2018-05-08 07:06:46, Info                  CSI    0000025a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:06:46, Info                  CSI    0000025b [SR] Beginning Verify and Repair transaction
2018-05-08 07:06:56, Info                  CSI    0000025d [SR] Verify complete
2018-05-08 07:06:56, Info                  CSI    0000025e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:06:56, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
2018-05-08 07:07:06, Info                  CSI    00000284 [SR] Verify complete
2018-05-08 07:07:07, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:07:07, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
2018-05-08 07:07:19, Info                  CSI    00000288 [SR] Verify complete
2018-05-08 07:07:19, Info                  CSI    00000289 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:07:19, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
2018-05-08 07:07:29, Info                  CSI    0000028c [SR] Verify complete
2018-05-08 07:07:29, Info                  CSI    0000028d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:07:29, Info                  CSI    0000028e [SR] Beginning Verify and Repair transaction
2018-05-08 07:07:40, Info                  CSI    00000290 [SR] Verify complete
2018-05-08 07:07:41, Info                  CSI    00000291 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:07:41, Info                  CSI    00000292 [SR] Beginning Verify and Repair transaction
2018-05-08 07:07:50, Info                  CSI    000002a0 [SR] Verify complete
2018-05-08 07:07:50, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:07:50, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:08, Info                  CSI    000002a4 [SR] Verify complete
2018-05-08 07:08:09, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:09, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:18, Info                  CSI    000002b4 [SR] Verify complete
2018-05-08 07:08:19, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:19, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:23, Info                  CSI    000002b8 [SR] Verify complete
2018-05-08 07:08:23, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:23, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:30, Info                  CSI    000002bc [SR] Verify complete
2018-05-08 07:08:31, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:31, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:42, Info                  CSI    000002c1 [SR] Verify complete
2018-05-08 07:08:43, Info                  CSI    000002c2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:43, Info                  CSI    000002c3 [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:45, Info                  CSI    000002c5 [SR] Verify complete
2018-05-08 07:08:46, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:46, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2018-05-08 07:08:56, Info                  CSI    000002c9 [SR] Verify complete
2018-05-08 07:08:56, Info                  CSI    000002ca [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:08:56, Info                  CSI    000002cb [SR] Beginning Verify and Repair transaction
2018-05-08 07:09:06, Info                  CSI    000002cd [SR] Verify complete
2018-05-08 07:09:06, Info                  CSI    000002ce [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:09:06, Info                  CSI    000002cf [SR] Beginning Verify and Repair transaction
2018-05-08 07:09:20, Info                  CSI    000002d1 [SR] Verify complete
2018-05-08 07:09:20, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:09:20, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
2018-05-08 07:09:33, Info                  CSI    000002ed [SR] Verify complete
2018-05-08 07:09:33, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:09:33, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:00, Info                  CSI    000002f1 [SR] Verify complete
2018-05-08 07:10:01, Info                  CSI    000002f2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:01, Info                  CSI    000002f3 [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:11, Info                  CSI    000002f5 [SR] Verify complete
2018-05-08 07:10:12, Info                  CSI    000002f6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:12, Info                  CSI    000002f7 [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:20, Info                  CSI    000002f9 [SR] Verify complete
2018-05-08 07:10:21, Info                  CSI    000002fa [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:21, Info                  CSI    000002fb [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:29, Info                  CSI    000002ff [SR] Verify complete
2018-05-08 07:10:29, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:29, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:39, Info                  CSI    00000303 [SR] Verify complete
2018-05-08 07:10:39, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:39, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
2018-05-08 07:10:54, Info                  CSI    00000307 [SR] Verify complete
2018-05-08 07:10:55, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:10:55, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
2018-05-08 07:11:05, Info                  CSI    0000030b [SR] Verify complete
2018-05-08 07:11:05, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:11:05, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2018-05-08 07:11:19, Info                  CSI    00000310 [SR] Verify complete
2018-05-08 07:11:20, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:11:20, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2018-05-08 07:11:36, Info                  CSI    00000314 [SR] Verify complete
2018-05-08 07:11:36, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:11:36, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2018-05-08 07:11:47, Info                  CSI    00000318 [SR] Verify complete
2018-05-08 07:11:48, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:11:48, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
2018-05-08 07:11:59, Info                  CSI    0000031c [SR] Verify complete
2018-05-08 07:12:00, Info                  CSI    0000031d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:12:00, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2018-05-08 07:12:15, Info                  CSI    00000321 [SR] Verify complete
2018-05-08 07:12:16, Info                  CSI    00000322 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:12:16, Info                  CSI    00000323 [SR] Beginning Verify and Repair transaction
2018-05-08 07:12:26, Info                  CSI    00000325 [SR] Verify complete
2018-05-08 07:12:27, Info                  CSI    00000326 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:12:27, Info                  CSI    00000327 [SR] Beginning Verify and Repair transaction
2018-05-08 07:12:43, Info                  CSI    00000329 [SR] Verify complete
2018-05-08 07:12:44, Info                  CSI    0000032a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:12:44, Info                  CSI    0000032b [SR] Beginning Verify and Repair transaction
2018-05-08 07:12:57, Info                  CSI    0000032d [SR] Verify complete
2018-05-08 07:12:58, Info                  CSI    0000032e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 07:12:58, Info                  CSI    0000032f [SR] Beginning Verify and Repair transaction
2018-05-08 07:13:11, Info                  CSI    00000331 [SR] Verify complete
2018-05-08 07:13:12, Info                  CSI    00000332 [SR] Verifying 43 (0x000000000000002b) components
2018-05-08 07:13:12, Info                  CSI    00000333 [SR] Beginning Verify and Repair transaction
2018-05-08 07:13:16, Info                  CSI    00000335 [SR] Verify complete
2018-05-08 07:13:16, Info                  CSI    00000336 [SR] Repairing 0 components
2018-05-08 07:13:16, Info                  CSI    00000337 [SR] Beginning Verify and Repair transaction
2018-05-08 07:13:16, Info                  CSI    00000339 [SR] Repair complete

  • 0

#4
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/05/2018 6:16:57 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2018 6:08:32 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.
 
Log: 'System' Date/Time: 08/05/2018 4:50:28 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 08/05/2018 4:50:05 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 07/05/2018 11:52:22 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.
 
Log: 'System' Date/Time: 07/05/2018 11:42:00 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Log: 'System' Date/Time: 07/05/2018 11:38:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The WebcamMax, WDM Video Capture service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 07/05/2018 11:38:21 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The memudrv service failed to start due to the following error:  The system cannot find the path specified.
 
Log: 'System' Date/Time: 07/05/2018 11:35:42 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 07/05/2018 11:35:29 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
 
Log: 'System' Date/Time: 07/05/2018 11:34:40 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
 
Log: 'System' Date/Time: 07/05/2018 11:33:50 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2018 11:08:35 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/05/2018 11:08:31 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/05/2018 11:36:46 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
 
Log: 'System' Date/Time: 07/05/2018 11:35:50 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 07/05/2018 11:35:50 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 

  • 0

#5
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by Supermatt (administrator) on SUPERMATT-PC (08-05-2018 18:56:48)
Running from C:\Users\Supermatt\Desktop
Loaded Profiles: Supermatt (Available Profiles: Supermatt & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Puran Software) C:\Windows\System32\PuranDefragS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2015-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-14] (COMODO)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [353104 2017-09-16] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2015-01-11] (WordWeb Software)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [EPSON TX121 Series (Copy 4)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGI.EXE [224768 2016-05-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [GoogleChromeAutoLaunch_50818B30D6C98E2F19EF6E17C729E2E7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-04-26] (Google Inc.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [1348096 2018-02-23] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-08-25]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-06-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-16]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{4D667F57-0C7B-4433-8185-D6FCF6C28DC4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{91B9594E-1066-4CA0-B867-D2996DA72B2B}: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{E7FEDADC-9F33-43B5-A033-D31CF0FC7FBB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F0A0A4C6-46AF-48B0-962C-F8E4B085E072}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF DefaultProfile: 9yuxk64l.default
FF ProfilePath: C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default [2018-05-08]
FF user.js: detected! => C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\user.js [2018-01-30]
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (AdBlock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-01] [Legacy] [not signed]
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=cr&dcr=0&ei=2sKOWvWJNomi0QT0yb_oDw&fg=1","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default [2018-05-08]
CHR Extension: (Beatlab) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2018-01-13]
CHR Extension: (Docs) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-13]
CHR Extension: (Google Drive) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-13]
CHR Extension: (MEGA) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-05-05]
CHR Extension: (DuckDuckGo) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-05-05]
CHR Extension: (Audiotool) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2018-01-13]
CHR Extension: (YouTube) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-13]
CHR Extension: (Dragon Web Extension) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2018-02-03]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-13]
CHR Extension: (AdBlock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-04]
CHR Extension: (Tab Cookies) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2018-01-13]
CHR Extension: (Omnibox NCR) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohddgnpofoogkkjejnmcgleamcfbhhc [2018-02-22]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2018-01-13]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-14] (COMODO)
S3 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2015-01-25] (MAGIX AG) [File not signed]
R2 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2015-01-25] (MAGIX®) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-04-16] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-04-16] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R3 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-16] (RealNetworks, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-08-14] ()
R3 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2017-04-04] (Google Inc)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-10-16] (The OpenVPN Project)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-07-05] (CrystalIdea Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-02-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-02-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-02-01] (COMODO)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2016-03-29] (Wireless Data Device)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-05-05] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-12-25] (Windows ® Win 7 DDK provider)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2017-04-04] (Google Inc)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2015-01-10] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-02-01] (COMODO)
S3 leusbser; C:\Windows\System32\DRIVERS\leusbser.sys [238080 2015-07-01] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-04-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-05-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-04-16] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [49208 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2015-01-10] (Synaptics Incorporated)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-14] (The OpenVPN Project) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2015-05-17] (TOSHIBA Corporation) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2015-01-29] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-12-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-12-17] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-12-17] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2015-04-04] (Windows ® Win 7 DDK provider)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S2 memudrv; \??\C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
Error(1) reading file: "C:\Windows\System32\Tasks\RealPlayer (32-bit) "
2018-05-08 18:16 - 2018-05-08 18:18 - 000004085 _____ C:\VEW.txt
2018-05-08 14:12 - 2018-05-08 14:12 - 000042447 _____ C:\Users\Supermatt\Desktop\junk.txt
2018-05-08 06:49 - 2018-05-08 06:49 - 000061440 _____ ( ) C:\Users\Supermatt\Desktop\VEW.exe
2018-05-08 06:27 - 2018-05-08 06:27 - 020975616 _____ C:\Users\Supermatt\Documents\App log clear.evtx
2018-05-08 06:25 - 2018-05-08 06:25 - 020975616 _____ C:\Users\Supermatt\Documents\Event logs for system.evtx
2018-05-07 14:12 - 2018-05-07 14:18 - 000167032 _____ C:\Users\Supermatt\Desktop\Addition.txt
2018-05-07 14:03 - 2018-05-08 19:01 - 000027762 _____ C:\Users\Supermatt\Desktop\FRST.txt
2018-05-07 13:59 - 2018-05-07 13:59 - 000000000 ____D C:\Users\Supermatt\Desktop\FRST-OlderVersion
2018-05-06 10:26 - 2018-05-06 10:26 - 000000199 _____ C:\Users\Supermatt\Desktop\Windows P keys.txt
2018-05-05 16:42 - 2018-05-05 16:42 - 002125128 _____ C:\Users\Supermatt\Downloads\pxengine4_10_28a.zip
2018-05-05 16:38 - 2018-05-05 16:38 - 001593914 _____ C:\Users\Supermatt\Downloads\pxengine3_00_58a.zip
2018-05-05 16:02 - 2018-05-05 16:04 - 000079200 _____ C:\Users\Supermatt\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2018-05-05 13:22 - 2018-05-05 13:22 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-05-05 12:43 - 2018-05-05 17:40 - 000313962 _____ C:\Windows\ntbtlog.txt
2018-05-03 19:53 - 2018-05-03 19:53 - 000003136 _____ C:\Windows\System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88}
2018-05-01 09:26 - 2018-05-01 09:26 - 000000000 ____D C:\RegBackup
2018-04-30 17:42 - 2018-04-30 17:42 - 000000000 ____D C:\Users\Supermatt\Desktop\revisi k 13 th 2016 dan 2017
2018-04-30 16:52 - 2018-05-03 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-04-30 16:50 - 2018-05-03 13:28 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-04-29 17:46 - 2018-04-29 17:46 - 000006460 _____ C:\Users\Supermatt\Documents\Going to the animal park.vpj
2018-04-29 17:46 - 2018-04-29 17:46 - 000000000 ____D C:\Users\Supermatt\Documents\VideoPad Projects
2018-04-28 14:49 - 2018-04-28 14:50 - 108967184 _____ (Microsoft Corporation) C:\Users\Supermatt\Downloads\OfficeLangPack2013_Indonesian_x86.exe
2018-04-23 13:36 - 2018-04-23 13:36 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000001139 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-04-22 13:22 - 2018-04-23 16:56 - 000000000 ____D C:\Users\Supermatt\Downloads\MEmu Download
2018-04-22 13:20 - 2018-04-23 19:36 - 000000000 ____D C:\Users\Supermatt\.MemuHyperv
2018-04-20 09:33 - 2018-04-21 11:35 - 000009872 _____ C:\Users\Supermatt\Documents\Elsha's Kitchen.xlsx
2018-04-19 10:59 - 2018-05-07 21:56 - 000000000 ____D C:\Users\Supermatt\AppData\Local\AvgSetupLog
2018-04-17 21:34 - 2018-04-19 10:44 - 000000000 ____D C:\AVG_Remover
2018-04-17 17:15 - 2018-01-06 01:50 - 000749664 _____ (Nitro Software, Inc.) C:\Windows\system32\NxPrinterMonitor11.dll
2018-04-16 18:24 - 2018-05-07 21:52 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-15 16:53 - 2018-04-15 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-15 16:43 - 2018-04-15 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-15 15:12 - 2018-04-15 15:12 - 000000000 ____D C:\Users\Supermatt\AppData\Local\ElevatedDiagnostics
2018-04-15 15:01 - 2018-04-15 15:01 - 000092993 _____ C:\Users\Supermatt\Downloads\o15-ctrremove.diagcab
2018-04-15 14:45 - 2018-04-15 17:51 - 000000000 ____D C:\Users\Supermatt\Desktop\temp ms office
2018-04-14 21:35 - 2018-04-15 04:44 - 524288000 _____ C:\Users\Supermatt\Downloads\sanet.cd_MS_Office_2016_Pro_Plus_VL_X64_MULTi-17_APRIL_2018_Gen2.zip.002
2018-04-13 16:35 - 2018-04-13 16:55 - 000000000 ____D C:\Games
2018-04-13 16:34 - 2018-04-15 13:36 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.tlauncher
2018-04-11 18:51 - 2018-04-12 10:33 - 000000000 ____D C:\Program Files\Nitro
2018-04-11 18:00 - 2018-04-11 18:19 - 119860441 _____ C:\Users\Supermatt\Downloads\Nitro.Pro.Enterprise.10.5.9.9_x64.softarchive.la.rar
2018-04-08 17:26 - 2018-04-08 17:31 - 012742614 _____ C:\Users\Supermatt\Downloads\[Sinan_Ozdemir]_Principles_of_Data_Science(b-ok.xyz).epub
2018-04-08 08:35 - 2018-04-08 08:35 - 000000000 ____D C:\Users\Supermatt\AppData\Local\mpress
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-08 18:58 - 2015-04-16 00:59 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat
2018-05-08 18:56 - 2017-10-06 13:08 - 000000000 ____D C:\FRST
2018-05-08 06:47 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-08 06:47 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-08 06:40 - 2015-09-14 17:03 - 000002976 _____ C:\Windows\System32\Tasks\Intel® GPA Monitor 13.3
2018-05-08 06:39 - 2014-01-12 19:27 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-05-08 06:38 - 2016-08-14 14:36 - 000000000 ____D C:\ProgramData\VMware
2018-05-08 06:37 - 2015-01-24 07:08 - 000000091 _____ C:\HaxLogs.txt
2018-05-08 06:37 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-08 06:21 - 2016-03-16 00:20 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\WinPatrol
2018-05-08 06:21 - 2016-03-16 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-05-08 06:21 - 2016-03-16 00:18 - 000000000 ____D C:\ProgramData\InstallMate
2018-05-08 06:20 - 2016-05-08 23:33 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-08 00:25 - 2015-01-24 00:59 - 000000000 ____D C:\Program Files\Java
2018-05-08 00:07 - 2014-01-09 00:42 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-07 23:11 - 2016-01-31 03:35 - 000000000 ____D C:\Program Files\HitmanPro
2018-05-07 22:58 - 2014-09-01 21:31 - 000000000 ____D C:\Users\Supermatt\AppData\Local\Comodo
2018-05-07 22:35 - 2016-02-25 18:30 - 000001566 __RSH C:\ProgramData\ntuser.pol
2018-05-07 22:33 - 2018-01-29 22:11 - 000000000 ____D C:\ProgramData\Avg
2018-05-07 22:33 - 2015-03-01 14:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-05-07 21:54 - 2018-02-23 18:38 - 000004490 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-07 21:54 - 2015-07-02 08:29 - 000003440 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2018-05-07 21:54 - 2014-06-23 22:59 - 000003014 _____ C:\Windows\System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73}
2018-05-07 21:54 - 2014-06-23 22:58 - 000003014 _____ C:\Windows\System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69}
2018-05-07 21:52 - 2017-12-19 21:07 - 000003236 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-07 21:52 - 2017-12-19 21:06 - 000003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-07 21:52 - 2014-12-06 13:06 - 000003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2018-05-07 21:51 - 2014-02-18 00:37 - 000003756 _____ C:\Windows\System32\Tasks\Real Player online update program
2018-05-07 17:09 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\vlc
2018-05-07 15:38 - 2017-10-04 19:15 - 000000000 ____D C:\Users\Supermatt\AppData\Local\CrashDumps
2018-05-07 13:59 - 2017-10-06 12:57 - 002406912 _____ (Farbar) C:\Users\Supermatt\Desktop\FRST64.exe
2018-05-07 13:53 - 2014-01-08 23:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-07 13:27 - 2014-01-10 22:23 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\tixati
2018-05-06 18:40 - 2009-07-14 12:13 - 000901690 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 18:40 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-05-06 18:29 - 2015-01-29 16:07 - 000003978 _____ C:\Windows\System32\Tasks\UALU notificatin
2018-05-06 18:01 - 2014-01-08 23:26 - 000000000 ____D C:\Users\Supermatt\AppData\Local\Apps\2.0
2018-05-06 13:23 - 2016-01-29 12:01 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-05-06 11:56 - 2015-05-17 02:48 - 000000000 ____D C:\Users\Supermatt\Documents\Bluetooth Exchange Folder
2018-05-05 13:54 - 2014-01-08 23:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-05 13:54 - 2014-01-08 23:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-03 17:23 - 2018-01-01 11:47 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 17:23 - 2018-01-01 11:47 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 15:01 - 2014-01-08 20:52 - 000000000 ____D C:\Users\Supermatt
2018-05-03 15:00 - 2017-10-04 23:10 - 005300384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-03 14:57 - 2017-11-12 19:08 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-05-03 14:57 - 2016-02-08 14:12 - 000000000 ____D C:\Users\Administrator.Supermatt-PC
2018-05-03 14:57 - 2015-12-14 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-03 14:57 - 2015-12-14 00:01 - 000000000 ____D C:\Program Files\7-Zip
2018-05-03 14:57 - 2015-06-26 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files\Common Files\Nitro
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files (x86)\Nitro
2018-05-03 14:57 - 2014-01-09 18:42 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-05-03 14:53 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2018-05-03 14:46 - 2014-02-17 10:33 - 000000000 ____D C:\ProgramData\Real
2018-05-01 08:17 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Compressed
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\HomeGroupUser$
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Guest
2018-04-30 17:55 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Administrator
2018-04-30 06:16 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Video
2018-04-29 17:33 - 2014-02-21 18:50 - 000000000 ____D C:\ProgramData\Temp
2018-04-29 13:37 - 2014-01-12 14:54 - 000001915 _____ C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2018-04-29 07:42 - 2015-04-27 20:51 - 000085032 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-04-28 22:21 - 2014-01-08 20:58 - 000180176 _____ C:\Users\Supermatt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 15:33 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-28 15:33 - 2009-07-14 09:34 - 000000478 _____ C:\Windows\win.ini
2018-04-28 15:30 - 2011-04-12 15:28 - 000000000 ____D C:\Windows\ShellNew
2018-04-28 03:46 - 2016-03-10 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-04-23 19:38 - 2018-04-07 07:37 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-04-23 13:36 - 2018-04-07 07:36 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-04-22 13:19 - 2014-01-14 12:59 - 000000000 ____D C:\Users\Supermatt\.android
2018-04-22 00:20 - 2016-04-23 02:46 - 000002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2018-04-19 17:47 - 2014-05-31 11:33 - 000000000 ____D C:\Users\Supermatt\Documents\Calibre Library
2018-04-17 16:55 - 2018-03-25 13:37 - 000001054 _____ C:\Users\Supermatt\Desktop\Puran Utilities.lnk
2018-04-17 15:48 - 2017-11-09 17:50 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-04-15 16:35 - 2014-01-09 18:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-15 16:25 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-15 15:11 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-15 13:37 - 2018-03-25 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Utilities
2018-04-15 13:37 - 2014-05-31 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2018-04-15 13:37 - 2014-01-09 18:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-04-15 13:36 - 2018-04-07 07:36 - 000000000 ____D C:\ProgramData\NCH Software
2018-04-15 13:24 - 2017-03-09 06:27 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.minecraft
2018-04-15 13:12 - 2014-01-09 18:39 - 000000000 __RHD C:\MSOCache
2018-04-14 07:48 - 2018-04-07 07:37 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\NCH Software
 
==================== Files in the root of some directories =======
 
2015-01-03 00:20 - 2015-01-03 00:20 - 005404888 _____ (COMODO) C:\ProgramData\cis28B.exe
2016-02-27 11:20 - 2016-02-27 11:20 - 003429056 _____ (COMODO) C:\ProgramData\cis6DFC.exe
2017-11-12 09:05 - 2017-08-29 11:52 - 004784832 _____ (COMODO) C:\ProgramData\cisCB19.exe
2017-11-12 09:05 - 2017-08-29 11:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-08-17 14:59 - 2017-08-17 14:59 - 000000604 ____H () C:\Program Files (x86)\Br1S
2014-04-30 09:03 - 2014-04-30 09:03 - 002174976 ____N (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-08-21 23:48 - 2017-08-21 23:48 - 000000605 ____H () C:\Program Files (x86)\Common Files\Br4S
2016-08-02 21:33 - 2016-08-02 21:33 - 000000330 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
2017-08-17 23:20 - 2010-01-15 10:36 - 000075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2014-01-19 01:20 - 2014-06-18 00:57 - 004216840 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2017-08-16 18:01 - 2017-08-25 15:07 - 001562498 _____ () C:\Users\Supermatt\AppData\Roaming\AvidApplicationManager_Install.log
2016-08-03 13:58 - 2016-11-27 23:12 - 000001505 _____ () C:\Users\Supermatt\AppData\Roaming\evmanage.prf
2016-08-03 13:54 - 2016-11-27 22:55 - 000000074 _____ () C:\Users\Supermatt\AppData\Roaming\evplay.prf
2016-08-12 13:10 - 2018-03-26 17:47 - 000004086 _____ () C:\Users\Supermatt\AppData\Roaming\evpro32.prf
2014-01-12 14:54 - 2018-04-29 13:37 - 000001915 _____ () C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2015-05-02 23:29 - 2015-05-02 23:31 - 000047104 ___SH () C:\Users\Supermatt\AppData\Roaming\Thumbs.db
2016-02-09 17:39 - 2016-05-10 20:28 - 000000504 _____ () C:\Users\Supermatt\AppData\Roaming\Weather Monitor_Settings.ini
2016-05-29 16:30 - 2016-10-24 19:03 - 000019456 _____ () C:\Users\Supermatt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-17 23:37 - 2015-08-17 23:37 - 000000036 _____ () C:\Users\Supermatt\AppData\Local\housecall.guid.cache
2015-02-18 16:01 - 2015-07-31 10:02 - 000007603 _____ () C:\Users\Supermatt\AppData\Local\Resmon.ResmonCfg
2015-08-18 01:08 - 2015-08-18 01:08 - 000000010 _____ () C:\Users\Supermatt\AppData\Local\sponge.last.runtime.cache
2015-05-11 21:44 - 2015-05-11 21:46 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\TaskMan.cmd.done
2014-07-16 20:27 - 2014-07-16 20:27 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\{B6A17797-1312-4D71-B698-87AF7CAD21F9}
 
Some files in TEMP:
====================
2018-05-03 16:07 - 2018-05-03 16:07 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext1261804521494961108.dll
2018-05-08 06:43 - 2018-05-08 06:43 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2009245552345696483.dll
2018-05-04 09:22 - 2018-05-04 09:22 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2199720197495350632.dll
2018-05-03 16:47 - 2018-05-03 16:47 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3019161824338952284.dll
2018-05-04 14:44 - 2018-05-04 14:44 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext4095260913454169706.dll
2018-05-03 15:12 - 2018-05-03 15:12 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5316181530305744407.dll
2018-04-20 08:14 - 2018-04-20 08:14 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5548591749658421109.dll
2018-05-03 20:29 - 2018-05-03 20:29 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5805253463151181967.dll
2018-05-04 16:15 - 2018-05-04 16:15 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext6533485191856689063.dll
2018-05-03 21:58 - 2018-05-03 21:58 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext7179398710160451432.dll
2018-05-05 13:17 - 2018-05-05 13:17 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext8778474399459458408.dll
2018-05-07 23:11 - 2016-04-08 17:35 - 011441744 _____ (SurfRight B.V.) C:\Users\Supermatt\AppData\Local\Temp\HitmanPro.exe
2018-04-28 22:41 - 2018-04-28 22:41 - 001884616 _____ (Oracle Corporation) C:\Users\Supermatt\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-04-28 15:27 - 2013-02-21 06:17 - 000150600 _____ (Microsoft Corporation) C:\Users\Supermatt\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
 
LastRegBack: 2018-05-08 14:53
 
==================== End of FRST.txt ============================

  • 0

#6
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Supermatt (08-05-2018 19:03:18)
Running from C:\Users\Supermatt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled) => C:\Users\Administrator.Supermatt-PC
Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled)
Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version:  - AliveMedia, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.)
Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.)
AOMEI Partition Assistant Unlimited Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Maya LT 2015 (HKLM\...\{2FB97E5C-14A5-47C8-BD85-69CC70471291}) (Version: 15.10.373.0 - Autodesk) Hidden
Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7F1AA7AB-E4FB-46F7-AC2F-57D78D63A368}) (Version: 3.19.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Classware (HKLM-x32\...\{5F945DFC-3BD1-74F7-5090-8885D0F4B1C5}) (Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden
Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{4F6FC44D-AE9F-472B-8F00-B8388BC9AA04}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.2 - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{4A0259D2-7278-4B23-B594-60B4124015A6}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers)
ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Beginner) (HKLM-x32\...\{eebe1d9a-486c-40e7-ae07-1892b3b2b7b4}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Elementary) (HKLM-x32\...\{ecb8a57a-21dc-4667-95f5-e2eff83733df}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Pre-intermediate) (HKLM-x32\...\{78d3c66f-5c7d-4da7-96eb-4e405a5406f2}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 1-3) (HKLM-x32\...\{8da61a8f-877e-443d-b448-3d1e60118184}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 4-6) (HKLM-x32\...\{4431b83a-1e23-458e-9f6c-a1d8270b6694}) (Version: 8.1.107.70421 - eInstruction)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
GameMaker Studio 2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\GameMakerStudio2) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IL Autogun (HKLM-x32\...\IL Autogun) (Version:  - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
Kernel for VHD ver 12.06.01 (HKLM-x32\...\Kernel for VHD_is1) (Version:  - Lepide Software Pvt.Ltd)
LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
LifeBeg (HKLM-x32\...\{BC41E108-ACA5-25E9-039A-09085C1A15F0}) (Version: 1.0 - UNKNOWN) Hidden
LifeBeg (HKLM-x32\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (HKLM-x32\...\{926447E2-8B00-F3D3-FA7A-73DE25CE5CF9}) (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM-x32\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (HKLM-x32\...\{76B7A5CD-3757-D3A7-7321-86677926B755}) (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM-x32\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (HKLM\...\{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro 3.1 VST-Plugins (HKLM\...\{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.1 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG)
MAGIX Music Maker 2014 Premium (HKLM\...\{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium Soundpools (HKLM\...\{095A41CD-2500-4783-AE28-87E05653CDE7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (HKLM\...\{6F1F7E62-A579-434C-9610-F6FE2930C02E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies)
MCreator 1.7.7 (HKLM-x32\...\MCreator 1.7.7 Installer) (Version:  - Pylo)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Our World 1 AE 2.0 (HKLM-x32\...\Our World 1 AE 2.0) (Version: 1.0.0.0 - )
Our World 2 AE 2.0 (HKLM-x32\...\Our World 2 AE 2.0) (Version: 1.0.0.0 - )
Our World 4 AE 2.0 (HKLM-x32\...\Our World 4 AE 2.0) (Version: 1.0.0.0 - )
Our World 6 AE 2.0 (HKLM-x32\...\Our World 6 AE 2.0) (Version: 1.0.0.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies)
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. )
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SuperBeam (HKLM\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 7 - LiveQoS Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Turbo Studio 17 (HKLM-x32\...\{80bc26f1-601d-4766-b205-404db5168343}) (Version: 17.0.1.0 - Code Systems)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (HKLM\...\{84CB6E60-E7CB-429F-AF9A-44F035889123}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (HKLM\...\{77C4AF18-19ED-489E-84D3-203E3862F6BC}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (HKLM\...\{5D8D5B24-732C-4AA6-ABFE-9EAFF12064A4}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (HKLM\...\{C1109FC5-35DA-403C-AE1D-99295EDB6FA9}) (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (HKLM\...\{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (HKLM\...\{3CAD92B3-6BA0-44A4-A546-162520A80BB3}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (HKLM\...\{96826F72-1E29-4AB8-9312-84E664DCE474}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (HKLM\...\{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}) (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WhatsApp) (Version: 0.2.8000 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery(Build 5.0.3.13) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.3.13 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
XiaoMiTool version 0.4.1 (HKLM-x32\...\{1A2DAE03-6903-4871-A909-237AB764A4B6}_is1) (Version: 0.4.1 - Francesco Tescari)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-16] (RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-10] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {1A52B213-DA38-4CB7-BF83-8E1A4458448E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {217CAB11-5A88-4B6B-8196-A4DB24ADE963} - System32\Tasks\{B81634CD-E33F-477E-BE2A-01BA37F57777} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {268EAEAA-A07B-4AA6-9162-C427C41DEB1D} - System32\Tasks\Update\ProxyUpdate => C:\Windows\Prefetch\AVG_PCTuneUp.exe <==== ATTENTION
Task: {2D159C88-B96E-48E4-87F6-84431EADC166} - System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel® GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation)
Task: {3704F14D-700A-4BAE-A91E-66B9EA645E52} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {47B38BDB-0F7A-4FDB-9956-602A9CCBD69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4F68631E-92EC-4599-8299-E5B773FEE018} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {582212B9-A012-48FD-915E-975D0E0ED486} - System32\Tasks\{276A30E3-DC17-4817-B9CF-7C12127C6DE2} => C:\Windows\system32\pcalua.exe -a C:\Users\Supermatt\Desktop\MiFlashUnlock_1.1.0317.1_en\MiUsbDriver.exe
Task: {58526FD5-F666-4078-B306-47B0D26CB9AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {59BB5577-DD6F-4D2D-A725-2A3A440C2A0F} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {62D1B557-2D88-412B-A8EE-670747BB8D9C} - \RealPlayer (32-bit)  -> No File <==== ATTENTION
Task: {7D57EBF5-3183-4D3C-B0D2-EE0509E50F84} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-14] (COMODO)
Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited)
Task: {906A2DDB-F2B5-443F-A1FF-80906798196F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-14] (COMODO)
Task: {9318C4DF-FB4C-4824-9DC9-A68C7E1F1356} - System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe" -c -u
Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2017-09-16] (RealNetworks, Inc.)
Task: {A207CBFF-F373-4A2B-B8D7-218E07F1F27C} - System32\Tasks\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AC6746AC-3DDB-4151-A4FD-E07E2AE93159} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B0C50936-9A0B-408D-95D3-92E39A4583F2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {B24A5D00-4852-4973-BF13-57FE01076CA3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-23] (Adobe Systems Incorporated)
Task: {C9C4CB60-7785-4BFB-8AB1-7CEE5D431073} - System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Security Task Manager\Setup.exe" -d "C:\Program Files (x86)\Security Task Manager"
Task: {E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1} - System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {E20FE766-DA34-4D12-92B8-EAA36B178DE7} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated)
Task: {F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Supermatt\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-29 05:56 - 2018-03-14 00:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-08-29 05:56 - 2018-03-14 00:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-18 05:42 - 2016-05-18 05:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-09-21 15:04 - 2009-09-21 15:04 - 001501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-28 09:21 - 2015-12-25 15:28 - 001328632 _____ () C:\Program Files (x86)\DFX\DFX.exe
2010-06-25 09:08 - 2010-06-25 09:08 - 000173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-28 09:14 - 2015-12-25 15:28 - 000133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-02-28 09:18 - 2015-12-25 15:28 - 000134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-02-28 09:48 - 2015-12-25 15:28 - 000051192 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2016-04-14 17:16 - 2016-08-14 14:37 - 012471368 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 007803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2018-05-08 06:43 - 2018-05-08 06:43 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2009245552345696483.dll
2017-07-20 16:03 - 2017-09-07 15:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2018-05-03 17:23 - 2018-04-26 10:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-03 17:23 - 2018-04-26 10:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000047496 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000104328 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-02-28 09:43 - 2015-12-25 15:28 - 000052216 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 001309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 000173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\autoexec.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdsandboxuiskin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280C.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280I.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280O.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMIUAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMLMAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_IBCBGGI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2993.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IntcDAuC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMSettingsIPC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SupportTool.exe.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCtrl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SynGlwPadShlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPCo8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vmnetbridge.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vnetinst.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280U.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MaxxAudioAPOShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft Toolkit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\subinacl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPEnhPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ViewPDF01.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vorbis.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wPDFView01.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\androidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwl2cap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwrchid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CisUtMonitor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cmnxusbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cnnctfy3.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx11_1x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx12x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\k57nd60a.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\leusbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiskhaz.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tapSF0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmactmon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TMEBC64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmeevw.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmevtmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmnciesc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmusa.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosBtCi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TurboB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetadapter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetbridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wcmvcam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis28B.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis6DFC.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [169]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-100 pic.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-75.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1.  Chairein.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\10. MICHAEL.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\12. BILLY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\13. SAMANTHA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. HENOKH.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle - English.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160105.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160113.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2337_the_simple_past_tense.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3. ALFEUS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\31785_whats_the_weather_like.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\32186_jobs__occupations.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3650559416010026653.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4. VICTORIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\43_____Macmillan_English_Grammar_in_Context__gnv__..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\461785816034XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4745_the_present_perfect_tense.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\488939-images-of-soccer-field.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\5. SHALOM.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6 Kung Fu Secrets for Flexibility & Higher Kicks.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6. CECILIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\67Grammar_Games_For_Children______..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7. JASON'S.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7010296916010026635.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8. NATHAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8m05bb36g04.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. THIERY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\adjectives.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\All MTK USB Driver 2014.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Analytic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ANSWER SHEET GRADE 4-6 TEST 1 SEMESTER 2 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\A_Better_Camera_Unlocked_v3.31.TROJAN.ONHAX.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible 2.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Blood Moon Rise.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bluetooth_Broadcom_6.3.0.6000_W7x64_A.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\book on a desk.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy and girl talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy in a musem.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy soldier.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\boy-girl- Hello.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\brickman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\C._K.Chu_-_The_Book_of_Nei_Kung_1st_ed.pdf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\calibre-64bit-2.38.0.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\can-you-tell-me-the-way.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CAT B GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cat in a box.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160418_0060467347.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cn+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\coherence-cohesion.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\com.nuance.swype.trial_2.1.0.2010030.41841-2010030_minAPI14(armeabi)(nodpi).apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cows can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Crazy katy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cu31924031764594.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\D467_Storytelling_handbook_FINAL_web.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\demonstrative-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DriverBackupAxioo9G.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Dungeon Master II - The Legend of Skullkeep.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\dungeon-master-2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2-w-instructions.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EC FINALTEST MAY 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\english-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\English_Grammar_in_Use_rd_Edition_CD___Demonoid.com___..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20093122229851430194.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2009521133639530074079.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20096719959341029384.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201021914855766628530.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201022401613547116161.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201098125924964636505.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2011629165151324736806.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201421402831610.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2016122233302070.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_04192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EXE.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EX_Kernel_Manager_2.55.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part2.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\F8CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Family Sturcture.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FBFBBBAD0DD7E14D41B8610E16DD97E18AFDD350.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FE Advanced - the MoonX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fire Resque.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FL_SM_v2.0.1[Androidiha.com].apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fragment.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FRX07.1_Full_Bundle_20110901.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fundamentals_of_English_Grammar-Teacher_s_Guide_0130136344.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GBX0A_Full_Bundle_11.3.2011.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Girl and Boy talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Globe1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 5- 6 SPELLBEE 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\guitar-sale-poster.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\hard work.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to go to the dentist.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to take out the trash.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hobbies.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Holistic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HostsMan_4.6.103_installer.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\House burn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hubble space from NASA.Gov.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HxDSetupEN.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM Integration Extention.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM.6.25.Build.12-Maherz.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman.6.26.2f.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDMGCExt.crx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh_Adonai_(Hebrew)_Elisheva_Shomron_(w_lyrics).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kernel.VHD.12.06.01.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\kernel_injector.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lazy guy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lenovo-P780-ReParted-0.2.2-ID-EN-Aroma.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\listening test 1 semester 2 grade 7 - 9  2016 - 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\little-girl-in-museum.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\making-words-negative-verbs.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\man-falling-down-stairs1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\manual.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\map_places-in-town.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MEGA-RECOVERYKEY.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Men can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\meteos-mtk6589-rom-edit-8gb-en.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MicrosoftFixit50641.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiFlashUnlock_1.1.0317.1_en.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mintywhite-1003-fonts-megapack.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Mounts2SD-3.4.8-unlocked.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MSTK.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MT65xx-Port-Lewa.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MTK6589_Partition_4GB_8GB_16GB.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mysteries.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewGoogleInstaller2.0MS.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewKingrootV4.82_C138_B250_en_release_2016_03_09_105203.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\numbers.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Old man boarding.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780ROW_8Gb_ReParted_Data_no_int_sd_no_backup.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Paramedic help.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\paraphrasing plant cycle-6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\parts-of-a-plant.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Patch_V6-2015-07-01.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PATRICIA1812_503535968.CSV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\People can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\plant-vocabulary-worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\produkey-x64.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Puppy for sale.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\puppy under a tree.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Pure_Graphic_HD_Tweak.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Reflex_Bow-Pleasure_Paradox-GApps-ODEX-saga.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\REMA-TIP-TOP-SC2000-Cement-Bonding-Procedures-Rev4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\row+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\RUGOS_0.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rules.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Samuel.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Santo (Kadosh) .mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\scaryman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ScatterEditor_v1.06.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Scatter_files_4GB_and_8GB.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Seeder-2.0.0.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1040.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1106.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Sharp dressed man.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SileadTouch.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SILVA-Sniper.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\simple present tense daily routines exercises worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-1 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-2.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\souvenirs.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\spelling bee word list.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\stack-mvp-membership-resources-6ae8.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\sunrise_182853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SUPERAntiSpyware.Pro.6.0.1212.sanet.me.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\superbeam-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\swimming.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Talking together.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test3-openrecovery-TWRP-saga-2.8.1.2-unofficial.img:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\The Middle East in Jesus Day.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\toporesize-0.7.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\touch-driver-win8-10.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\TPDriver.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-studio-17.0.794.1.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.4.0rev2-p780row.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.7.1rev1-p780row+.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UAPM-1.41.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ubuntu-14.04.4-desktop-i386.iso.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Unconfirmed 820659.crdownload:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\unit-3.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UPDATE-SuperSU-v2.46.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UWT.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VHDTool.w32.1.0-b1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WeatherMonitor.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\well dressed girl.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\What's your name.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Win.KMS.Activator.Ultimate.2016.3.0.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WinDroid 7 (GGT) 09-04-2016 0-18-37.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\x-demonoidcom-x_over_70_english_grammar_and_writing_books_5100102926.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\xposed-v80-sdk22-arm64-MIUI-edition-by-SolarWarez-20160217.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\XposedInstaller_3.0_alpha4.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\[limetorrents.cc]Malwarebytes.Anti-Malware.Premium.2.1.8.1057.Multilingual...KeyGen.by.FFF.torrent:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-09-12 23:18 - 2016-12-17 00:32 - 000000697 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 license.superantispyware.com
127.0.0.1 tonec.com
127.0.0.1 internetdownloadmanager.com
0.0.0.0 license.superantispyware.com
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart                                                                                                                                                                                                     
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe                                                                                                                                                                                                       
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot                                                                                                                                                                                                   
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine"
HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001
FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080
FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935
FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe
FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{D8368476-864A-4ECA-B099-C05D851CB68D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2621560F-4D18-498B-87A1-57AF8CE63EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8C91258-814D-4C2C-93F4-84E16EFC64ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4FFFDBAD-5CAD-4679-B3B0-E93DC90FC6AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234
FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{291BBA65-4AB4-458E-B33B-0C37F2CF719B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F791C0A0-D5CE-407D-BD89-D525C9CAEFA1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{90BA8D38-E7A8-4830-9CDB-DCF48A6894E3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{BCB8BD7E-2521-4551-96F6-3D99F8A624C5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{7D8BFB07-6AF2-4380-8E48-FD2B18D910F6}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{6418B01D-8DFA-4722-8942-AF673C661486}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{592A0725-5F25-40EF-9DB3-7C6E823657E0}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{7109E65B-E4A1-4B09-8A8C-C7A4D7C00EA1}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{02FE2634-D65F-4430-B855-A78C6BAE88FD}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{D8BE8888-629A-4AFA-B6E0-75E40B4E3F23}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{8AE424B6-BFB7-455B-AE17-5D821A455C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EC9EB48D-E841-4687-B421-45BCD07D0EC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3BF257-E86D-4A8D-945A-F475DAF09348}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{A519E786-F885-47A0-AC8C-2AA235288156}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{F6C97284-8D40-4FC7-BC40-75B818AA48DA}] => (Allow) LPort=8080
FirewallRules: [{D1D458A2-2D9D-4467-B5AD-6FBE36B636DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-05-2018 14:53:23 Buddy safe
04-05-2018 16:34:55 Windows Backup
07-05-2018 23:50:06 Removed Java SE Development Kit 7 Update 75 (64-bit)
08-05-2018 00:06:31 Removed Java 8 Update 171
08-05-2018 00:24:50 Removed Java 8 Update 171 (64-bit)
08-05-2018 00:26:05 Removed Microsoft Silverlight
 
==================== Faulty Device Manager Devices =============
 
Name: memudrv
Description: memudrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: memudrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/08/2018 05:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (05/08/2018 05:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (05/08/2018 05:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/08/2018 05:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (05/08/2018 05:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (05/08/2018 05:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/08/2018 05:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error: (05/08/2018 05:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
 
 
System errors:
=============
Error: (05/08/2018 01:08:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (05/08/2018 11:50:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (05/08/2018 11:50:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (05/08/2018 06:52:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (05/08/2018 06:42:00 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (05/08/2018 06:38:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (05/08/2018 06:38:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The memudrv service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (05/08/2018 06:35:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
 
Date: 2017-11-12 23:12:24.098
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-12 23:12:23.973
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-12 23:04:32.628
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-12 23:04:32.581
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-05 22:49:57.890
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-05 22:49:57.827
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-05 15:02:37.109
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-11-05 15:02:36.953
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 5812.5 MB
Available physical RAM: 2600.78 MB
Total Virtual: 11952.71 MB
Available Virtual: 8582.89 MB
 
==================== Drives ================================
 
Drive c: (Disk4) (Fixed) (Total:529.09 GB) (Free:232.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Disk2) (Fixed) (Total:402.32 GB) (Free:168.33 GB) NTFS
Drive m: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:357.14 GB) NTFS
 
\\?\Volume{05205e46-78e8-11e3-9a7e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01C54DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=402.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529.1 GB) - (Type=0F Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C03BCFB4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Still waiting on Process Explorer and Speccy logs.

 

Also uninstall:

 

Bonjour (not working)

VMware Workstation (somewhat sick: If you need it you can reboot and reinstall it)

 

Copy the next line:

 

api-ms-win-core-synch-l1-2-0.dll

 

(highlight and Ctrl + c)

 

Then start FRST but do not hit SCAN.  Instead click on the Search Box and hit Ctrl + v which should paste the copied text into the box.  Hit Search Files.  You will get one log please copy and paste it.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that

Reboot if it doesn't do it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#8
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AdAppMgrSvc.exe 3,560 K 9,684 K 1796 Autodesk Application Manager Autodesk Inc. (Verified) Autodesk
alg.exe 2,320 K 6,288 K 2168 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,672 K 5,132 K 2104 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
aspnet_state.exe 3,016 K 7,360 K 2216 Microsoft ASP.NET State Server Microsoft Corporation (Verified) Microsoft Corporation
BTTray.exe 7,340 K 12,744 K 3152 Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
btwdins.exe 3,164 K 7,260 K 2360 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
BtwRSupportService.exe 3,452 K 8,992 K 2272 Bluetooth Radio Management Support Broadcom Corporation. (Verified) Broadcom Corporation
cavwp.exe 58,644 K 32,640 K 4308 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
chrome.exe 4,188 K 8,232 K 1476 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,992 K 7,584 K 1704 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 23,204 K 32,952 K 540 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,068 K 37,768 K 4460 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5,804 K 10,404 K 4788 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 49,836 K 64,056 K 5016 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,276 K 31,232 K 3472 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 160,592 K 173,100 K 4128 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,100 K 35,384 K 4020 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 113,384 K 110,164 K 6364 Google Chrome Google Inc. (Verified) Google Inc
cis.exe 6,956 K 7,556 K 4592 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
CLHNServiceForPowerDVD12.exe 1,720 K 5,220 K 5656 CLHNServiceForPowerDVD12 Module CyberLink Corp. (Verified) CyberLink
conhost.exe 1,696 K 4,200 K 1568 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,444 K 5,152 K 664 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
dgnsvc.exe 1,888 K 5,732 K 2456 Dragon NaturallySpeaking Service Nuance Communications, Inc. (Verified) Nuance Communications
dllhost.exe 2,996 K 7,256 K 6768 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
E_S50RPB.EXE 2,068 K 4,828 K 2532 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
E_S50STB.EXE 2,176 K 5,192 K 2480 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
FABS.exe 2,132 K 6,296 K 5752 Verzeichnisüberwachung und Hilfsaufgaben für die Medienbibliothek MAGIX AG (No signature was present in the subject) MAGIX AG
GoogleCrashHandler.exe 1,992 K 528 K 3776 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 2,184 K 572 K 3808 Google Crash Handler Google Inc. (Verified) Google Inc
loggerservice.exe 1,744 K 5,228 K 4984 Dragon NaturallySpeaking Logging Service Nuance Communications, Inc. (Verified) Nuance Communications
lsm.exe 3,396 K 6,104 K 872 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 3,408 K 7,636 K 2320 Bonjour Service Apple Inc. (Verified) Apple Inc.
NASvc.exe 2,584 K 7,376 K 6132 NeroUpdate Nero AG (Verified) Nero AG
NitroPDFDriverService9x64.exe 1,984 K 4,964 K 3592 Nitro PDF Spool Service Nitro PDF Software (Verified) Nitro PDF Software
NLSSRV32.EXE 1,448 K 4,444 K 3684 This service enables products that use the Nalpeiron Licensing System Nalpeiron Ltd. (Verified) Nitro PDF Software
procexp.exe 2,980 K 7,316 K 3480 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PuranDefragS.exe 2,028 K 4,636 K 3748 Puran Defrag Service Puran Software (Certificate expired) Puran Software
RAVCpl64.exe 9,088 K 12,068 K 2728 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
realsched.exe 3,436 K 372 K 3416 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
RegSrvc.exe 2,856 K 7,576 K 3832 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
rundll32.exe 1,924 K 6,012 K 3400 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 41,352 K 22,364 K 4796 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
services.exe 7,640 K 15,180 K 856 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 548 K 1,248 K 500 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,444 K 15,808 K 1648 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,704 K 8,300 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,468 K 12,096 K 2412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,336 K 5,476 K 3856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,184 K 7,480 K 3900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,216 K 9,544 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,644 K 6,692 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,360 K 5,936 K 2340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,908 K 16,904 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,792 K 12,936 K 548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 31,396 K 28,676 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3,328 K 8,440 K 1456 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,404 K 6,248 K 4116 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 1,644 K 5,060 K 2952 Updater Service Acer Incorporated (Verified) Acer Incorporated
vmware-authd.exe 5,884 K 10,952 K 3728 VMware Authorization Service VMware, Inc. (Verified) VMware
wininit.exe 1,804 K 4,880 K 752 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,348 K 7,840 K 800 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 2,744 K 6,636 K 1560 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
wmdc.exe 3,188 K 8,396 K 2740 Windows Mobile Device Center Microsoft Corporation (Verified) Microsoft Corporation
WmiPrvSE.exe 5,396 K 11,252 K 4384 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wweb32.exe 6,520 K 10,532 K 2816 WordWeb WordWeb Software (Verified) WordWeb Software
svchost.exe < 0.01 11,600 K 15,616 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
vmnat.exe < 0.01 2,340 K 6,248 K 3056 VMware NAT Service VMware, Inc. (Verified) VMware
vmware-usbarbitrator64.exe < 0.01 4,412 K 9,168 K 4740 VMware USB Arbitration Service VMware, Inc. (Verified) VMware
svchost.exe < 0.01 216,912 K 223,784 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
EvtEng.exe < 0.01 10,320 K 19,100 K 2564 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
svchost.exe < 0.01 17,360 K 20,468 K 1436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,392 K 11,968 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
fbserver.exe < 0.01 3,040 K 6,900 K 2688 Firebird SQL Server - MAGIX® Edition MAGIX® (No signature was present in the subject) MAGIX®
vmnetdhcp.exe < 0.01 8,116 K 11,572 K 3800 VMware VMnet DHCP service VMware, Inc. (Verified) VMware
taskhost.exe < 0.01 16,840 K 19,096 K 2032 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
vmware-hostd.exe < 0.01 32,456 K 45,048 K 5072 (Verified) VMware
chrome.exe 0.01 77,484 K 99,124 K 6344 Google Chrome Google Inc. (Verified) Google Inc
DfxSharedApp64.exe 0.01 2,612 K 5,748 K 3316 DFX (Verified) Power Technology
DfxSharedApp32.exe 0.01 1,696 K 5,420 K 3412 DFX (Verified) Power Technology
chrome.exe 0.01 39,840 K 51,200 K 5132 Google Chrome Google Inc. (Verified) Google Inc
TurboBoost.exe 0.01 2,800 K 7,232 K 4000 Turbo Boost Monitor Service Intel® Corporation (Verified) Intel® software
AvidAppManHelper.exe 0.01 241,664 K 165,924 K 1888 Avid Application Manager Helper Avid Technology, Inc. (No signature was present in the subject) Avid Technology, Inc.
lsass.exe 0.01 5,532 K 13,052 K 864 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 162,900 K 228,468 K 280 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.02 53,508 K 72,600 K 1820 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 141,852 K 149,304 K 3284 Google Chrome Google Inc. (Verified) Google Inc
cmdagent.exe 0.02 31,628 K 241,884 K 812 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
svchost.exe 0.03 26,876 K 43,524 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 159,856 K 190,556 K 5700 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.05 134,032 K 161,468 K 2396 Google Chrome Google Inc. (Verified) Google Inc
cistray.exe 0.06 9,476 K 5,796 K 1876 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
rpdsvc.exe 0.07 32,644 K 37,260 K 3784 RealTimes Desktop Service RealNetworks, Inc. (Verified) RealNetworks
audiodg.exe 0.11 23,424 K 23,364 K 1236 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.16 3,656 K 15,968 K 740 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.21 220 K 5,092 K 4
dwm.exe 0.36 127,692 K 65,936 K 1228 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
DFX.exe 0.36 20,208 K 22,392 K 932 (Verified) Power Technology
sidebar.exe 0.37 19,016 K 37,656 K 2992 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.47 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.97 34,932 K 56,484 K 2560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 95.60 0 K 24 K 0
 
Sorry, I had to work.I'm still working on catching up with the fix.

  • 0

#9
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       500 N/A                                         
csrss.exe                      664 N/A                                         
csrss.exe                      740 N/A                                         
wininit.exe                    752 N/A                                         
winlogon.exe                   800 N/A                                         
services.exe                   856 N/A                                         
lsass.exe                      864 KeyIso, SamSs                               
lsm.exe                        872 N/A                                         
svchost.exe                    980 DcomLaunch, PlugPlay, Power                 
svchost.exe                    548 RpcEptMapper, RpcSs                         
cmdagent.exe                   812 CmdAgent                                    
svchost.exe                   1052 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                   1096 AudioEndpointBuilder, CscService, Netman,   
                                   PcaSvc, SysMain, TabletInputService, UxSms, 
                                   Wlansvc                                     
svchost.exe                   1120 EventSystem, FontCache, netprofm, nsi,      
                                   SstpSvc, WdiServiceHost                     
svchost.exe                   1144 Appinfo, BITS, Browser, EapHost, IKEEXT,    
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   RasMan, Schedule, SENS, SharedAccess,       
                                   ShellHWDetection, Themes, Winmgmt           
audiodg.exe                   1236 N/A                                         
svchost.exe                   1272 gpsvc                                       
svchost.exe                   1436 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
wlanext.exe                   1560 N/A                                         
conhost.exe                   1568 N/A                                         
spoolsv.exe                   1648 Spooler                                     
svchost.exe                   1688 BFE, DPS, MpsSvc                            
AdAppMgrSvc.exe               1796 AdAppMgrSvc                                 
taskhost.exe                  2032 N/A                                         
dwm.exe                       1228 N/A                                         
taskeng.exe                   1456 N/A                                         
explorer.exe                  1820 N/A                                         
cistray.exe                   1876 N/A                                         
armsvc.exe                    2104 AdobeARMservice                             
alg.exe                       2168 ALG                                         
aspnet_state.exe              2216 aspnet_state                                
BtwRSupportService.exe        2272 BcmBtRSupport                               
mDNSResponder.exe             2320 Bonjour Service                             
svchost.exe                   2340 bthserv                                     
btwdins.exe                   2360 btwdins                                     
svchost.exe                   2412 DiagTrack                                   
dgnsvc.exe                    2456 DragonSvc                                   
E_S50STB.EXE                  2480 EPSON_EB_RPCV4_04                           
E_S50RPB.EXE                  2532 EPSON_PM_RPCV4_04                           
EvtEng.exe                    2564 EvtEng                                      
fbserver.exe                  2688 FirebirdServerMAGIXInstance                 
RAVCpl64.exe                  2728 N/A                                         
wmdc.exe                      2740 N/A                                         
wweb32.exe                    2816 N/A                                         
UpdaterService.exe            2952 Live Updater Service                        
sidebar.exe                   2992 N/A                                         
DFX.exe                        932 N/A                                         
BTTray.exe                    3152 N/A                                         
rundll32.exe                  3400 N/A                                         
realsched.exe                 3416 N/A                                         
NitroPDFDriverService9x64     3592 NitroDriverReadSpool9                       
NLSSRV32.EXE                  3684 nlsX86cc                                    
PuranDefragS.exe              3748 PuranDefrag                                 
GoogleCrashHandler.exe        3776 N/A                                         
rpdsvc.exe                    3784 RealTimes Desktop Service                   
GoogleCrashHandler64.exe      3808 N/A                                         
RegSrvc.exe                   3832 RegSrvc                                     
svchost.exe                   3856 SDRSVC                                      
svchost.exe                   3900 stisvc                                      
TurboBoost.exe                4000 TurboBoost                                  
vmnat.exe                     3056 VMware NAT Service                          
DfxSharedApp32.exe            3412 N/A                                         
DfxSharedApp64.exe            3316 N/A                                         
vmnetdhcp.exe                 3800 VMnetDHCP                                   
vmware-authd.exe              3728 VMAuthdService                              
vmware-usbarbitrator64.ex     4740 VMUSBArbService                             
loggerservice.exe             4984 DragonLoggerService                         
vmware-hostd.exe              5072 VMwareHostd                                 
unsecapp.exe                  4116 N/A                                         
WmiPrvSE.exe                  4384 N/A                                         
SearchIndexer.exe             4796 WSearch                                     
svchost.exe                   3364 RapiMgr, WcesComm                           
svchost.exe                   1656 PolicyAgent                                 
AvidAppManHelper.exe          1888 N/A                                         
chrome.exe                     280 N/A                                         
chrome.exe                    1476 N/A                                         
chrome.exe                    1704 N/A                                         
chrome.exe                    3472 N/A                                         
chrome.exe                    4020 N/A                                         
chrome.exe                    5016 N/A                                         
chrome.exe                    4128 N/A                                         
chrome.exe                    4460 N/A                                         
chrome.exe                     540 N/A                                         
chrome.exe                    3284 N/A                                         
CLHNServiceForPowerDVD12.     5656 CLHNServiceForPowerDVD12                    
FABS.exe                      5752 Fabs                                        
NASvc.exe                     6132 NAUpdate                                    
cis.exe                       4592 N/A                                         
chrome.exe                    4788 N/A                                         
chrome.exe                    2396 N/A                                         
chrome.exe                    6364 N/A                                         
chrome.exe                    5700 N/A                                         
chrome.exe                    6344 N/A                                         
procexp.exe                   3480 N/A                                         
procexp64.exe                 2560 N/A                                         
cavwp.exe                     4308 N/A                                         
chrome.exe                    5132 N/A                                         
SearchProtocolHost.exe        6848 N/A                                         
SearchFilterHost.exe          5920 N/A                                         
cmd.exe                       6256 N/A                                         
conhost.exe                   5732 N/A                                         
tasklist.exe                  3696 N/A                                         
WmiPrvSE.exe                  6192 N/A                                         

  • 0

#10
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Specs scan text.

Attached Files


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Speccy is reporting higher than normal temps on the CPU and the Toshiba drive appears to  be sick.  The drive claims it has been dropped hard and also that it has an unbeliebeable number of bad sectors.  The Seagate drive is showing errors too but Seagates always show errors (and don't last very long). 

 

Speccy oftens reports temps that are higher than normal so let's get a second opinion:

 

Run Speedfan to monitor your temps in real time:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray. 

 

With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.

 

While in Speedfan we can ask it about your drive:

 

click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.

At the bottom of the new page will be a line:  

The link to get back and see a new report about this hard disk in the future is this.

Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).


Speedfan also has an Extended test but I'm not sure how good it is.  Worth trying  I guess.

There is an old program which supposedly works on all drives:
http://www.hgst.com/...pport/downloads

I would try it and see if it will run the extended or long test.


  • 0

#12
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

It says it got dropped? I had to replace the fan a few months ago. I gave it to my friend who is a service tech. The fan is working as far as I know. I am downloading the app to test it. But I haven't ever dropped my laptop. Now I'm worried.  Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01

Ran by Supermatt (09-05-2018 22:31:43)
Running from C:\Users\Supermatt\Desktop
Boot Mode: Normal
 
================== Search Files: "api-ms-win-core-synch-l1-2-0.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.23175_none_4e12eb8b85dd5f41\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) FD9C6D2E90B3CF9C0D72F59B66EA1989 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.18972_none_4d8675c06cc24030\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) FD9C6D2E90B3CF9C0D72F59B66EA1989 [File is digitally signed]
 
C:\Windows\winsxs\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8\api-ms-win-core-synch-l1-2-0.dll
[2018-01-29 22:13][2018-01-29 22:13] 000018736 _____ (Microsoft Corporation) ADABEAA966F32DA0740A4DC452CA5BD1 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.23175_none_aa31870f3e3ad077\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) 6B9E8A0DA794B28096305C1A081B5A97 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-u..rsalcrt-apifwd-win7_31bf3856ad364e35_6.1.7601.18972_none_a9a51144251fb166\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) 6B9E8A0DA794B28096305C1A081B5A97 [File is digitally signed]
 
C:\Windows\winsxs\amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2\api-ms-win-core-synch-l1-2-0.dll
[2018-01-29 22:12][2018-01-29 22:12] 000019248 _____ (Microsoft Corporation) 5AE5DF1CD8E8860B4D72B6EDA12BC204 [File is digitally signed]
 
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) FD9C6D2E90B3CF9C0D72F59B66EA1989 [File is digitally signed]
 
C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
[2016-02-01 21:57][2016-02-01 21:57] 000012128 _____ (Microsoft Corporation) 6B9E8A0DA794B28096305C1A081B5A97 [File is digitally signed]
 
C:\Program Files (x86)\Calibre2\app\DLLs\api-ms-win-core-synch-l1-2-0.dll
[2017-06-09 10:56][2017-06-09 10:56] 000019136 ____R (Microsoft Corporation) 79C6C9048ACC2052959812DA2C20EEC3 [File is digitally signed]
 
C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll
[2017-11-18 19:05][2018-02-22 22:35] 000019256 _____ (Microsoft Corporation) 215C5909343C6EEF550C5BFB9859A542 [File is digitally signed]
 
 
====== End of Search ======

  • 0

#13
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Supermatt (10-05-2018 10:41:39) Run:1
Running from C:\Users\Supermatt\Desktop
Loaded Profiles: Supermatt (Available Profiles: Supermatt & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=cr&dcr=0&ei=2sKOWvWJNomi0QT0yb_oDw&fg=1","hxxps://duckduckgo.com/"
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2015-04-04] (Windows ® Win 7 DDK provider)
S2 memudrv; \??\C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CMD: dir /a C:\Program Files (x86)\Br1S
2018-05-03 16:07 - 2018-05-03 16:07 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext1261804521494961108.dll
2018-05-08 06:43 - 2018-05-08 06:43 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2009245552345696483.dll
2018-05-04 09:22 - 2018-05-04 09:22 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext2199720197495350632.dll
2018-05-03 16:47 - 2018-05-03 16:47 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3019161824338952284.dll
2018-05-04 14:44 - 2018-05-04 14:44 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext4095260913454169706.dll
2018-05-03 15:12 - 2018-05-03 15:12 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5316181530305744407.dll
2018-04-20 08:14 - 2018-04-20 08:14 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5548591749658421109.dll
2018-05-03 20:29 - 2018-05-03 20:29 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext5805253463151181967.dll
2018-05-04 16:15 - 2018-05-04 16:15 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext6533485191856689063.dll
2018-05-03 21:58 - 2018-05-03 21:58 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext7179398710160451432.dll
2018-05-05 13:17 - 2018-05-05 13:17 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext8778474399459458408.dll
2018-05-07 23:11 - 2016-04-08 17:35 - 011441744 _____ (SurfRight B.V.) C:\Users\Supermatt\AppData\Local\Temp\HitmanPro.exe
2018-04-28 22:41 - 2018-04-28 22:41 - 001884616 _____ (Oracle Corporation) C:\Users\Supermatt\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-04-28 15:27 - 2013-02-21 06:17 - 000150600 _____ (Microsoft Corporation) C:\Users\Supermatt\AppData\Local\Temp\ose00000.exe
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
Task: {1A52B213-DA38-4CB7-BF83-8E1A4458448E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {217CAB11-5A88-4B6B-8196-A4DB24ADE963} - System32\Tasks\{B81634CD-E33F-477E-BE2A-01BA37F57777} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {268EAEAA-A07B-4AA6-9162-C427C41DEB1D} - System32\Tasks\Update\ProxyUpdate => C:\Windows\Prefetch\AVG_PCTuneUp.exe <==== ATTENTION
Task: {2D159C88-B96E-48E4-87F6-84431EADC166} - System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {62D1B557-2D88-412B-A8EE-670747BB8D9C} - \RealPlayer (32-bit)  -> No File <==== ATTENTION
Task: {9318C4DF-FB4C-4824-9DC9-A68C7E1F1356} - System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe" -c -u
Task: {A207CBFF-F373-4A2B-B8D7-218E07F1F27C} - System32\Tasks\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {C9C4CB60-7785-4BFB-8AB1-7CEE5D431073} - System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Security Task Manager\Setup.exe" -d "C:\Program Files (x86)\Security Task Manager"
Task: {E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1} - System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {E20FE766-DA34-4D12-92B8-EAA36B178DE7} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
CMD: sc start BITS
CMD: sc config WMPNetworkSvc Start= disabled
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => removed successfully
HKLM\Software\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DBAB667-A486-421e-AFE4-CF07DD0088E5}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1DBAB667-A486-421e-AFE4-CF07DD0088E5} => not found
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\WCMVCAM" => removed successfully
WCMVCAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\memudrv" => removed successfully
memudrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBoxNetFlt" => removed successfully
VBoxNetFlt => service removed successfully
 
========= dir /a C:\Program Files (x86)\Br1S =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
C:\Users\Supermatt\AppData\Local\Temp\ext1261804521494961108.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext2009245552345696483.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext2199720197495350632.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext3019161824338952284.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext4095260913454169706.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext5316181530305744407.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext5548591749658421109.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext5805253463151181967.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext6533485191856689063.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext7179398710160451432.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ext8778474399459458408.dll => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\HitmanPro.exe => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\jre-8u171-windows-au.exe => moved successfully
C:\Users\Supermatt\AppData\Local\Temp\ose00000.exe => moved successfully
"HKU\S-1-5-21-3797239318-1157007529-570800937-1000_Classes\ChromeHTML" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\B1ShellEx" => removed successfully
"HKLM\Software\Classes\CLSID\{76CF52AF-2B2D-4999-8CE8-495187BB11CD}" => removed successfully
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\B1ShellEx" => removed successfully
HKLM\Software\Classes\CLSID\{76CF52AF-2B2D-4999-8CE8-495187BB11CD} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A52B213-DA38-4CB7-BF83-8E1A4458448E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A52B213-DA38-4CB7-BF83-8E1A4458448E}" => removed successfully
C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{217CAB11-5A88-4B6B-8196-A4DB24ADE963}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{217CAB11-5A88-4B6B-8196-A4DB24ADE963}" => removed successfully
C:\Windows\System32\Tasks\{B81634CD-E33F-477E-BE2A-01BA37F57777} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B81634CD-E33F-477E-BE2A-01BA37F57777}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{268EAEAA-A07B-4AA6-9162-C427C41DEB1D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268EAEAA-A07B-4AA6-9162-C427C41DEB1D}" => removed successfully
C:\Windows\System32\Tasks\Update\ProxyUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\ProxyUpdate" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D159C88-B96E-48E4-87F6-84431EADC166}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D159C88-B96E-48E4-87F6-84431EADC166}" => removed successfully
C:\Windows\System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62D1B557-2D88-412B-A8EE-670747BB8D9C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D1B557-2D88-412B-A8EE-670747BB8D9C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer (32-bit) " => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9318C4DF-FB4C-4824-9DC9-A68C7E1F1356}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9318C4DF-FB4C-4824-9DC9-A68C7E1F1356}" => removed successfully
C:\Windows\System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A207CBFF-F373-4A2B-B8D7-218E07F1F27C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A207CBFF-F373-4A2B-B8D7-218E07F1F27C}" => removed successfully
C:\Windows\System32\Tasks\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9C4CB60-7785-4BFB-8AB1-7CEE5D431073}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9C4CB60-7785-4BFB-8AB1-7CEE5D431073}" => removed successfully
C:\Windows\System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1}" => removed successfully
C:\Windows\System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E20FE766-DA34-4D12-92B8-EAA36B178DE7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20FE766-DA34-4D12-92B8-EAA36B178DE7}" => removed successfully
C:\Windows\System32\Tasks\RealDownloader Update Check => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB}" => removed successfully
C:\Windows\System32\Tasks\Java Platform SE Auto Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Platform SE Auto Updater" => removed successfully
 
========= sc start BITS =========
 
[SC] StartService FAILED 1056:
 
An instance of the service is already running.
 
 
========= End of CMD: =========
 
 
========= sc config WMPNetworkSvc Start= disabled =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
 
========= End of CMD: =========
 
 
==== End of Fixlog 10:48:32 ====

  • 0

#14
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Speed fan reports unloaded and loaded 

Attached Thumbnails

  • only speed fan load.JPG
  • Cpu under load (youtube in bg Chrome running).JPG

  • 0

#15
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by Supermatt (administrator) on SUPERMATT-PC (10-05-2018 13:34:33)
Running from C:\Users\Supermatt\Desktop
Loaded Profiles: Supermatt (Available Profiles: Supermatt & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Puran Software) C:\Windows\System32\PuranDefragS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
() C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
() C:\Program Files (x86)\SpeedFan\speedfan.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2015-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-14] (COMODO)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [353104 2017-09-16] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2015-01-11] (WordWeb Software)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [EPSON TX121 Series (Copy 4)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGI.EXE [224768 2016-05-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [GoogleChromeAutoLaunch_50818B30D6C98E2F19EF6E17C729E2E7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-04-26] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-08-25]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{99E377DB-D2D0-44A5-8533-AA8BE1381644}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-06-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-16]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{4D667F57-0C7B-4433-8185-D6FCF6C28DC4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{91B9594E-1066-4CA0-B867-D2996DA72B2B}: [DhcpNameServer] 192.168.3.1 192.168.3.1
Tcpip\..\Interfaces\{E7FEDADC-9F33-43B5-A033-D31CF0FC7FBB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F0A0A4C6-46AF-48B0-962C-F8E4B085E072}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF DefaultProfile: 9yuxk64l.default
FF ProfilePath: C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default [2018-05-09]
FF user.js: detected! => C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\user.js [2018-01-30]
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF Extension: (AdBlock) - C:\Users\Supermatt\AppData\Roaming\Mozilla\Firefox\Profiles\9yuxk64l.default\Extensions\[email protected] [2018-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-01] [Legacy] [not signed]
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=cr&dcr=0&ei=2sKOWvWJNomi0QT0yb_oDw&fg=1","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default [2018-05-10]
CHR Extension: (Beatlab) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2018-01-13]
CHR Extension: (Docs) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-13]
CHR Extension: (Google Drive) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-13]
CHR Extension: (MEGA) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-05-05]
CHR Extension: (DuckDuckGo) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-05-05]
CHR Extension: (Audiotool) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2018-01-13]
CHR Extension: (YouTube) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-13]
CHR Extension: (Dragon Web Extension) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2018-02-03]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-13]
CHR Extension: (AdBlock) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-10]
CHR Extension: (Tab Cookies) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2018-01-13]
CHR Extension: (Omnibox NCR) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohddgnpofoogkkjejnmcgleamcfbhhc [2018-02-22]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2018-01-13]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-14] (COMODO)
S3 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2015-01-25] (MAGIX AG) [File not signed]
R2 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2015-01-25] (MAGIX®) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-04-16] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-04-16] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R3 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-16] (RealNetworks, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2017-04-04] (Google Inc)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-10-16] (The OpenVPN Project)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-07-05] (CrystalIdea Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-02-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-02-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-02-01] (COMODO)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2016-03-29] (Wireless Data Device)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-05-05] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-12-25] (Windows ® Win 7 DDK provider)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2017-04-04] (Google Inc)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2015-01-10] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-02-01] (COMODO)
S3 leusbser; C:\Windows\System32\DRIVERS\leusbser.sys [238080 2015-07-01] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-04-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-05-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-04-16] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [49208 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2015-01-10] (Synaptics Incorporated)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-14] (The OpenVPN Project) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2015-05-17] (TOSHIBA Corporation) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2015-01-29] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-12-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-12-17] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-12-17] (Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
Error(1) reading file: "C:\Windows\System32\Tasks\RealPlayer (32-bit) "
2018-05-10 12:53 - 2018-05-10 13:01 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-05-10 12:53 - 2018-05-10 12:53 - 000001012 _____ C:\Users\Supermatt\Desktop\SpeedFan.lnk
2018-05-10 12:53 - 2018-05-10 12:53 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-05-10 12:35 - 2018-05-10 12:36 - 003086696 _____ C:\Users\Supermatt\Downloads\instspeedfan452 (1).exe
2018-05-10 10:41 - 2018-05-10 10:48 - 000014414 _____ C:\Users\Supermatt\Desktop\Fixlog.txt
2018-05-09 22:31 - 2018-05-10 10:41 - 000002776 _____ C:\Users\Supermatt\Desktop\Search.txt
2018-05-09 22:12 - 2018-05-09 22:30 - 000342012 _____ C:\Users\Supermatt\Desktop\SUPERMATT-PC.txt
2018-05-09 21:19 - 2018-05-09 21:19 - 000000801 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-05-09 21:19 - 2018-05-09 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-05-09 21:19 - 2018-05-09 21:19 - 000000000 ____D C:\Program Files\Speccy
2018-05-09 20:12 - 2018-05-09 20:14 - 006299336 _____ (Piriform Ltd) C:\Users\Supermatt\Downloads\spsetup131.exe
2018-05-09 06:36 - 2018-05-09 06:36 - 000009236 _____ C:\junk.txt
2018-05-09 06:35 - 2018-05-09 06:35 - 000011148 _____ C:\Users\Supermatt\Desktop\System Idle Process.txt
2018-05-08 19:46 - 2018-05-08 19:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Supermatt\Desktop\procexp.exe
2018-05-08 18:16 - 2018-05-08 18:18 - 000004085 _____ C:\VEW.txt
2018-05-08 14:12 - 2018-05-08 14:12 - 000042447 _____ C:\Users\Supermatt\Desktop\junk.txt
2018-05-08 06:49 - 2018-05-08 06:49 - 000061440 _____ ( ) C:\Users\Supermatt\Desktop\VEW.exe
2018-05-08 06:27 - 2018-05-08 06:27 - 020975616 _____ C:\Users\Supermatt\Documents\App log clear.evtx
2018-05-08 06:25 - 2018-05-08 06:25 - 020975616 _____ C:\Users\Supermatt\Documents\Event logs for system.evtx
2018-05-07 14:12 - 2018-05-08 19:15 - 000162686 _____ C:\Users\Supermatt\Desktop\Addition.txt
2018-05-07 14:03 - 2018-05-10 13:35 - 000026732 _____ C:\Users\Supermatt\Desktop\FRST.txt
2018-05-07 13:59 - 2018-05-07 13:59 - 000000000 ____D C:\Users\Supermatt\Desktop\FRST-OlderVersion
2018-05-06 10:26 - 2018-05-06 10:26 - 000000199 _____ C:\Users\Supermatt\Desktop\Windows P keys.txt
2018-05-05 16:42 - 2018-05-05 16:42 - 002125128 _____ C:\Users\Supermatt\Downloads\pxengine4_10_28a.zip
2018-05-05 16:38 - 2018-05-05 16:38 - 001593914 _____ C:\Users\Supermatt\Downloads\pxengine3_00_58a.zip
2018-05-05 16:02 - 2018-05-05 16:04 - 000079200 _____ C:\Users\Supermatt\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2018-05-05 13:22 - 2018-05-05 13:22 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-05-05 12:43 - 2018-05-05 17:40 - 000313962 _____ C:\Windows\ntbtlog.txt
2018-05-01 09:26 - 2018-05-01 09:26 - 000000000 ____D C:\RegBackup
2018-04-30 17:42 - 2018-04-30 17:42 - 000000000 ____D C:\Users\Supermatt\Desktop\revisi k 13 th 2016 dan 2017
2018-04-30 16:52 - 2018-05-03 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-04-30 16:50 - 2018-05-03 13:28 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-04-29 17:46 - 2018-04-29 17:46 - 000006460 _____ C:\Users\Supermatt\Documents\Going to the animal park.vpj
2018-04-29 17:46 - 2018-04-29 17:46 - 000000000 ____D C:\Users\Supermatt\Documents\VideoPad Projects
2018-04-28 14:49 - 2018-04-28 14:50 - 108967184 _____ (Microsoft Corporation) C:\Users\Supermatt\Downloads\OfficeLangPack2013_Indonesian_x86.exe
2018-04-23 13:36 - 2018-04-23 13:36 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000001139 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-04-23 13:36 - 2018-04-23 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-04-22 13:22 - 2018-04-23 16:56 - 000000000 ____D C:\Users\Supermatt\Downloads\MEmu Download
2018-04-22 13:20 - 2018-04-23 19:36 - 000000000 ____D C:\Users\Supermatt\.MemuHyperv
2018-04-20 09:33 - 2018-04-21 11:35 - 000009872 _____ C:\Users\Supermatt\Documents\Elsha's Kitchen.xlsx
2018-04-19 10:59 - 2018-05-07 21:56 - 000000000 ____D C:\Users\Supermatt\AppData\Local\AvgSetupLog
2018-04-17 21:34 - 2018-04-19 10:44 - 000000000 ____D C:\AVG_Remover
2018-04-17 17:15 - 2018-01-06 01:50 - 000749664 _____ (Nitro Software, Inc.) C:\Windows\system32\NxPrinterMonitor11.dll
2018-04-16 18:24 - 2018-05-07 21:52 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-15 16:53 - 2018-04-15 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-15 16:43 - 2018-04-15 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-15 15:12 - 2018-04-15 15:12 - 000000000 ____D C:\Users\Supermatt\AppData\Local\ElevatedDiagnostics
2018-04-15 15:01 - 2018-04-15 15:01 - 000092993 _____ C:\Users\Supermatt\Downloads\o15-ctrremove.diagcab
2018-04-15 14:45 - 2018-04-15 17:51 - 000000000 ____D C:\Users\Supermatt\Desktop\temp ms office
2018-04-14 21:35 - 2018-04-15 04:44 - 524288000 _____ C:\Users\Supermatt\Downloads\sanet.cd_MS_Office_2016_Pro_Plus_VL_X64_MULTi-17_APRIL_2018_Gen2.zip.002
2018-04-13 16:35 - 2018-04-13 16:55 - 000000000 ____D C:\Games
2018-04-13 16:34 - 2018-04-15 13:36 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.tlauncher
2018-04-11 18:51 - 2018-04-12 10:33 - 000000000 ____D C:\Program Files\Nitro
2018-04-11 18:00 - 2018-04-11 18:19 - 119860441 _____ C:\Users\Supermatt\Downloads\Nitro.Pro.Enterprise.10.5.9.9_x64.softarchive.la.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-10 13:34 - 2017-10-06 13:08 - 000000000 ____D C:\FRST
2018-05-10 13:28 - 2015-04-16 00:59 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat
2018-05-10 13:08 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-10 13:08 - 2009-07-14 11:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-10 13:00 - 2014-01-12 19:27 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-05-10 12:59 - 2015-01-24 07:08 - 000000091 _____ C:\HaxLogs.txt
2018-05-10 12:58 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-10 12:57 - 2015-04-27 20:51 - 000088078 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-05-10 12:53 - 2015-02-18 15:47 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-05-10 10:46 - 2017-09-26 23:46 - 000000000 ____D C:\Windows\System32\Tasks\Update
2018-05-10 10:43 - 2015-05-17 02:48 - 000000000 ____D C:\Users\Supermatt\Documents\Bluetooth Exchange Folder
2018-05-09 21:19 - 2014-01-25 16:32 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\Nitro PDF
2018-05-09 19:47 - 2016-08-14 14:47 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\VMware
2018-05-09 19:47 - 2016-08-14 14:36 - 000000000 ____D C:\ProgramData\VMware
2018-05-09 19:47 - 2016-08-14 14:36 - 000000000 ____D C:\Program Files (x86)\VMware
2018-05-09 19:47 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-05-08 06:40 - 2015-09-14 17:03 - 000002976 _____ C:\Windows\System32\Tasks\Intel® GPA Monitor 13.3
2018-05-08 06:21 - 2016-03-16 00:20 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\WinPatrol
2018-05-08 06:21 - 2016-03-16 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-05-08 06:21 - 2016-03-16 00:18 - 000000000 ____D C:\ProgramData\InstallMate
2018-05-08 06:20 - 2016-05-08 23:33 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-08 00:25 - 2015-01-24 00:59 - 000000000 ____D C:\Program Files\Java
2018-05-08 00:07 - 2014-01-09 00:42 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-07 23:11 - 2016-01-31 03:35 - 000000000 ____D C:\Program Files\HitmanPro
2018-05-07 22:58 - 2014-09-01 21:31 - 000000000 ____D C:\Users\Supermatt\AppData\Local\Comodo
2018-05-07 22:35 - 2016-02-25 18:30 - 000001566 __RSH C:\ProgramData\ntuser.pol
2018-05-07 22:33 - 2018-01-29 22:11 - 000000000 ____D C:\ProgramData\Avg
2018-05-07 22:33 - 2015-03-01 14:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-05-07 21:54 - 2018-02-23 18:38 - 000004490 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-07 21:54 - 2014-06-23 22:59 - 000003014 _____ C:\Windows\System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73}
2018-05-07 21:54 - 2014-06-23 22:58 - 000003014 _____ C:\Windows\System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69}
2018-05-07 21:52 - 2017-12-19 21:07 - 000003236 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-07 21:52 - 2017-12-19 21:06 - 000003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000
2018-05-07 21:52 - 2014-12-06 13:06 - 000003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2018-05-07 21:51 - 2014-02-18 00:37 - 000003756 _____ C:\Windows\System32\Tasks\Real Player online update program
2018-05-07 17:09 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\vlc
2018-05-07 15:38 - 2017-10-04 19:15 - 000000000 ____D C:\Users\Supermatt\AppData\Local\CrashDumps
2018-05-07 13:59 - 2017-10-06 12:57 - 002406912 _____ (Farbar) C:\Users\Supermatt\Desktop\FRST64.exe
2018-05-07 13:53 - 2014-01-08 23:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-07 13:27 - 2014-01-10 22:23 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\tixati
2018-05-06 18:40 - 2009-07-14 12:13 - 000901690 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 18:29 - 2015-01-29 16:07 - 000003978 _____ C:\Windows\System32\Tasks\UALU notificatin
2018-05-06 18:01 - 2014-01-08 23:26 - 000000000 ____D C:\Users\Supermatt\AppData\Local\Apps\2.0
2018-05-06 13:23 - 2016-01-29 12:01 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-05-05 13:54 - 2014-01-08 23:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-05 13:54 - 2014-01-08 23:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-03 17:23 - 2018-01-01 11:47 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 17:23 - 2018-01-01 11:47 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 15:01 - 2014-01-08 20:52 - 000000000 ____D C:\Users\Supermatt
2018-05-03 15:00 - 2017-10-04 23:10 - 005300384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-03 14:57 - 2017-11-12 19:08 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-05-03 14:57 - 2016-02-08 14:12 - 000000000 ____D C:\Users\Administrator.Supermatt-PC
2018-05-03 14:57 - 2015-12-14 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-03 14:57 - 2015-12-14 00:01 - 000000000 ____D C:\Program Files\7-Zip
2018-05-03 14:57 - 2015-06-26 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files\Common Files\Nitro
2018-05-03 14:57 - 2014-01-12 13:55 - 000000000 ____D C:\Program Files (x86)\Nitro
2018-05-03 14:57 - 2014-01-09 18:42 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-05-03 14:53 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2018-05-03 14:46 - 2014-02-17 10:33 - 000000000 ____D C:\ProgramData\Real
2018-05-01 08:17 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Compressed
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\HomeGroupUser$
2018-04-30 17:56 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Guest
2018-04-30 17:55 - 2015-05-05 23:41 - 000000000 ____D C:\Users\Administrator
2018-04-30 06:16 - 2014-02-14 14:30 - 000000000 ____D C:\Users\Supermatt\Downloads\Video
2018-04-29 17:33 - 2014-02-21 18:50 - 000000000 ____D C:\ProgramData\Temp
2018-04-29 13:37 - 2014-01-12 14:54 - 000001915 _____ C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2018-04-28 22:21 - 2014-01-08 20:58 - 000180176 _____ C:\Users\Supermatt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 15:33 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-28 15:33 - 2009-07-14 09:34 - 000000478 _____ C:\Windows\win.ini
2018-04-28 15:30 - 2011-04-12 15:28 - 000000000 ____D C:\Windows\ShellNew
2018-04-28 03:46 - 2016-03-10 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-04-23 19:38 - 2018-04-07 07:37 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-04-23 13:36 - 2018-04-07 07:36 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-04-22 13:19 - 2014-01-14 12:59 - 000000000 ____D C:\Users\Supermatt\.android
2018-04-19 17:47 - 2014-05-31 11:33 - 000000000 ____D C:\Users\Supermatt\Documents\Calibre Library
2018-04-17 16:55 - 2018-03-25 13:37 - 000001054 _____ C:\Users\Supermatt\Desktop\Puran Utilities.lnk
2018-04-17 15:48 - 2017-11-09 17:50 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-04-15 16:35 - 2014-01-09 18:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-15 16:25 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-15 15:11 - 2014-01-09 18:41 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-15 13:37 - 2018-03-25 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Utilities
2018-04-15 13:37 - 2014-05-31 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2018-04-15 13:37 - 2014-01-09 18:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-04-15 13:36 - 2018-04-07 07:36 - 000000000 ____D C:\ProgramData\NCH Software
2018-04-15 13:24 - 2017-03-09 06:27 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\.minecraft
2018-04-15 13:12 - 2014-01-09 18:39 - 000000000 __RHD C:\MSOCache
2018-04-14 07:48 - 2018-04-07 07:37 - 000000000 ____D C:\Users\Supermatt\AppData\Roaming\NCH Software
 
==================== Files in the root of some directories =======
 
2015-01-03 00:20 - 2015-01-03 00:20 - 005404888 _____ (COMODO) C:\ProgramData\cis28B.exe
2016-02-27 11:20 - 2016-02-27 11:20 - 003429056 _____ (COMODO) C:\ProgramData\cis6DFC.exe
2017-11-12 09:05 - 2017-08-29 11:52 - 004784832 _____ (COMODO) C:\ProgramData\cisCB19.exe
2017-11-12 09:05 - 2017-08-29 11:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-08-17 14:59 - 2017-08-17 14:59 - 000000604 ____H () C:\Program Files (x86)\Br1S
2014-04-30 09:03 - 2014-04-30 09:03 - 002174976 ____N (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-08-21 23:48 - 2017-08-21 23:48 - 000000605 ____H () C:\Program Files (x86)\Common Files\Br4S
2016-08-02 21:33 - 2016-08-02 21:33 - 000000330 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
2017-08-17 23:20 - 2010-01-15 10:36 - 000075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2014-01-19 01:20 - 2014-06-18 00:57 - 004216840 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2017-08-16 18:01 - 2017-08-25 15:07 - 001562498 _____ () C:\Users\Supermatt\AppData\Roaming\AvidApplicationManager_Install.log
2016-08-03 13:58 - 2016-11-27 23:12 - 000001505 _____ () C:\Users\Supermatt\AppData\Roaming\evmanage.prf
2016-08-03 13:54 - 2016-11-27 22:55 - 000000074 _____ () C:\Users\Supermatt\AppData\Roaming\evplay.prf
2016-08-12 13:10 - 2018-03-26 17:47 - 000004086 _____ () C:\Users\Supermatt\AppData\Roaming\evpro32.prf
2014-01-12 14:54 - 2018-04-29 13:37 - 000001915 _____ () C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2015-05-02 23:29 - 2015-05-02 23:31 - 000047104 ___SH () C:\Users\Supermatt\AppData\Roaming\Thumbs.db
2016-02-09 17:39 - 2016-05-10 20:28 - 000000504 _____ () C:\Users\Supermatt\AppData\Roaming\Weather Monitor_Settings.ini
2016-05-29 16:30 - 2016-10-24 19:03 - 000019456 _____ () C:\Users\Supermatt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-17 23:37 - 2015-08-17 23:37 - 000000036 _____ () C:\Users\Supermatt\AppData\Local\housecall.guid.cache
2015-02-18 16:01 - 2015-07-31 10:02 - 000007603 _____ () C:\Users\Supermatt\AppData\Local\Resmon.ResmonCfg
2015-08-18 01:08 - 2015-08-18 01:08 - 000000010 _____ () C:\Users\Supermatt\AppData\Local\sponge.last.runtime.cache
2015-05-11 21:44 - 2015-05-11 21:46 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\TaskMan.cmd.done
2014-07-16 20:27 - 2014-07-16 20:27 - 000000000 _____ () C:\Users\Supermatt\AppData\Local\{B6A17797-1312-4D71-B698-87AF7CAD21F9}
 
Some files in TEMP:
====================
2018-05-10 13:05 - 2018-05-10 13:05 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3909189987930403250.dll
2018-05-10 12:54 - 2018-05-10 13:01 - 000192512 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfamcc00001.dll
2018-05-10 13:01 - 2018-05-10 13:01 - 000158720 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfareca00001.dll
2015-02-11 00:56 - 2015-02-11 00:56 - 000105984 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfextra.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
 
LastRegBack: 2018-05-08 14:53
 
==================== End of FRST.txt ============================

  • 0






Similar Topics


Also tagged with one or more of these keywords: Slow system, Virus, Stressed, Help me please

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP